RE: about portal security

["Scovetta, Michael V" <Michael.Scovetta () ca com>]

Hi!
  You *really* need to define better what you're asking. What kind of
"security" do you have for the portal? For instance, if it's
basic/digest, then it should be fine on the extranet (assuming you have
users on the outside). If it's NTLM/Kerberos, it may have a problem
going through proxies, so you don't want to use them on extranet sites,
usually. A "portal" is usually nothing more than a fancy iframe
framework, but the portal pages are either:
        http://sub-site.domain.com/page11.html
or
        http://main-portal.domain.com/?get_page=page11.html

In the former, the request goes right to the extranet site, you'll have
to secure it separately. In the later, you can leverage existing
security (assuming that main-portal.domain.com is on the extranet.

So, there's no quick answer there, sorry.

Michael Scovetta
Computer Associates
Application Developer
tel: +1 631 342 3139
cell: +1 813 727 5772
michael.scovetta () ca com

> -----Original Message-----
> From: info () biledge com [mailto:info () biledge com]
> Sent: Wednesday, June 09, 2004 5:27 AM
> To: webappsec () securityfocus com
> Subject: about portal security
>
> hi,
>
> i need to secure a web portal with 7,000 members. certain pages will
be
> extranet
> and i am not sure if i will need to secure them separately.
> if i have security for the portal, does that mean i have security for
the
> extranet
> part of the portal too ?
> thank you for the helps, thank you for no helps too :)
> regards,
> bilur