WebStack

docs/securing.html

400:5b276bbcbbb5
2005-07-16 paulb [project @ 2005-07-16 20:32:38 by paulb] Changed virtual path info in sub-resources so that it may be an empty string.
     1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">     2 <html xmlns="http://www.w3.org/1999/xhtml">     3 <head>     4   <title>Securing a WebStack Application</title>     5   <meta name="generator"     6  content="amaya 8.1a, see http://www.w3.org/Amaya/" />     7   <link href="styles.css" rel="stylesheet" type="text/css" />     8 </head>     9 <body>    10 <h1>Securing a WebStack Application</h1>    11 <p>Making sure that Web applications are "secure" involves many    12 different    13 aspects of application design, deployment and administration. This    14 guide currently only covers the usage of the authentication features of    15 the WebStack API.</p>    16 <h2>Authentication in WebStack</h2>    17 <p>There are two principal methods of introducing authentication and    18 applying    19 access control to WebStack applications:</p>    20 <ul>    21   <li><a href="authenticators.html">Application-Wide Authenticators</a></li>    22   <li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li>    23 </ul>    24 <p>Here is a comparison of the features of these mechanisms:</p>    25 <table border="1" cellpadding="5" cellspacing="0">    26   <tbody>    27     <tr>    28       <td></td>    29       <th>Application-Wide Authenticators</th>    30       <th>LoginRedirect and Login Modules</th>    31     </tr>    32     <tr>    33       <th>Deployment</th>    34       <td>    35       <ul>    36         <li>Some Web server configuration required.</li>    37         <li>The application only requires an additional object to be    38 instantiated to support authentication.</li>    39       </ul>    40       </td>    41       <td>    42       <ul>    43         <li>An additional login application or resource must be    44 deployed.</li>    45       </ul>    46       </td>    47     </tr>    48     <tr>    49       <th>Flexibility</th>    50       <td>    51       <ul>    52         <li>The user experience may seem too inflexible or unfriendly -    53 users may only get the login dialogue.</li>    54         <li>There is also probably no logout function, since it    55 requires browser support.</li>    56         <li> HTTP-style authentication is well understood and supported    57 when automating client access.</li>    58       </ul>    59       </td>    60       <td>    61       <ul>    62         <li>The login and logout activities can be customised to suit    63 the appearance of the rest of the application.</li>    64         <li> Many applications can share the same login application,    65 providing a "single sign-on" experience and potentially reduced    66 administrative overhead.</li>    67       </ul>    68       </td>    69     </tr>    70   </tbody>    71 </table>    72 </body>    73 </html>