[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Limiting access to website ???



Aaron <aaron@core-dev.com> [2003:10:04:15:02:38-0400] scribed:
> Michael D Schleif <mds@helices.org> said,
> > We are working on a web-based application.  It will use mod_ssl to
> > secure transactions.
> > 
> > We want to limit access to the application.  Yes, we have
> > username/password authentication; but, we are also considering
> > host-based limits.
> > 
> > Can this be done with [mod_]ssl?  Can access to a website require a
> > certificate on the browser side?  If so, please, point me in the right
> > direction (e.g., URL's, documentation, applications, &c.)
> 
> Dare I suggest www.apache.org?

Yes, you may.

I have reacquainted myself with this:

   <http://httpd.apache.org/docs/misc/FAQ.html#dnsauth>

However, I am wondering whether or not this can be done with SSL-type
certificates?  I admit that I have not gone completely through all of
the mod_auth* alternatives . . .

I am clear how SSL certificates establish trust -- client/browser trust
of the remote webserver/application.

Can this be inverted?  Can the webserver/application establish trust of
the client/browser via certificates, or something similar?  We are
looking for some authentication of the client side that does *not*
require userland interaction.

If this is google-able, please, help me with search criteria . . .

What do you think?

-- 
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--

Attachment: pgpPDZbopp_bE.pgp
Description: PGP signature


Reply to: