paulb@328 | 1 | <?xml version="1.0" encoding="iso-8859-1"?> |
paulb@328 | 2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
paulb@333 | 3 | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
paulb@328 | 4 | <html xmlns="http://www.w3.org/1999/xhtml"> |
paulb@328 | 5 | <head> |
paulb@328 | 6 | <title>Securing a WebStack Application</title> |
paulb@328 | 7 | <meta name="generator" content="amaya 8.1a, see http://www.w3.org/Amaya/" /> |
paulb@328 | 8 | <link href="styles.css" rel="stylesheet" type="text/css" /> |
paulb@328 | 9 | </head> |
paulb@328 | 10 | |
paulb@328 | 11 | <body> |
paulb@328 | 12 | <h1>Securing a WebStack Application</h1> |
paulb@328 | 13 | |
paulb@328 | 14 | <p>Making sure that Web applications are "secure" involves many different |
paulb@328 | 15 | aspects of application design, deployment and administration. This document |
paulb@328 | 16 | covers only the usage of the authentication features of the WebStack API.</p> |
paulb@328 | 17 | |
paulb@328 | 18 | <h2>Authentication in WebStack</h2> |
paulb@328 | 19 | |
paulb@328 | 20 | <p>There are two principal methods of introducing authentication and applying |
paulb@328 | 21 | access control to WebStack applications:</p> |
paulb@328 | 22 | <ul> |
paulb@328 | 23 | <li>Use of authenticators, where the "remote user" is set in the |
paulb@328 | 24 | server/framework environment and tested in the application.</li> |
paulb@328 | 25 | <li>Use of the <code>WebStack.Resources.LoginRedirect</code> and |
paulb@328 | 26 | <code>WebStack.Resources.Login</code> modules.</li> |
paulb@328 | 27 | </ul> |
paulb@328 | 28 | |
paulb@333 | 29 | <h2>Choosing an Authentication Strategy</h2> |
paulb@333 | 30 | <ul> |
paulb@333 | 31 | <li><a href="authenticators.html">Application-Wide Authenticators</a></li> |
paulb@333 | 32 | <li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li> |
paulb@333 | 33 | </ul> |
paulb@328 | 34 | </body> |
paulb@328 | 35 | </html> |