
Web Security, Privacy & Commerce, 2nd Edition by Gene Spafford, Simson Garfinkel


Chapter 20. Controlling Access to Your Web Content

Organizations run web servers because they are an easy way to distribute information to people on the Internet. But sometimes you don’t want to distribute your information to everybody. For instance, you might have:

  • Information on your web server intended only for employees of your organization

  • An electronic publication that contains articles that are only available to customers who have paid a monthly subscription fee

  • Confidential technical information that is only for customers who have signed nondisclosure agreements

  • A web-based interface to your order-entry system that is open to preauthorized users, but should not be open to the general public

These scenarios have different access control requirements. Fortunately, today’s web servers have a variety of ways to restrict access to information.

Access Control Strategies

There are a number of techniques that can be used to control access to web-based information:

  • Restricting access by using URLs that are “secret”—that is, URLs that are hidden and unpublished

  • Restricting access to a particular group of computers based on those computers’ hostnames or Internet addresses

  • Restricting access to a particular group of users based on their identity

Most web servers can use these techniques to restrict access to HTML pages, CGI scripts, and API-invoking files. These techniques can be used alone or in combination. You can also build further access control mechanisms into your own CGI and API programs. ...
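
The second and third techniques above (restriction by Internet address and by user identity), applied alone or in combination, as an added Python example that is not taken from the book. The networks, user name, password, salt and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed policy: networks, user and password are hypothetical sample values.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
SALT = b"constructed-salt"

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _hash("correct horse")}  # store derived keys, never plaintext

def basic_header(user, password):
    """Build the Authorization header value a browser would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def address_allowed(remote_addr):
    """Host-based restriction; remote_addr must be the TCP peer, not a request header."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # unparsable address: deny
    return any(addr in net for net in ALLOWED_NETWORKS)

def authenticated_user(auth_header):
    """Identity-based restriction: return the verified user name, or None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    stored = USERS.get(user)
    # Hash and compare even for unknown users so timing does not reveal names.
    match = hmac.compare_digest(_hash(password), stored or b"\0" * 32)
    return user if sep and stored and match else None

def decide(remote_addr, auth_header, mode="both"):
    """Return 200, 401 (credentials needed) or 403 (address refused)."""
    if mode not in ("host", "user", "both"):
        raise ValueError(f"unknown mode: {mode}")  # never fail open on a typo
    if mode in ("host", "both") and not address_allowed(remote_addr):
        return 403
    if mode in ("user", "both") and not authenticated_user(auth_header):
        return 401
    return 200
```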
