WebApp Sec mailing list archives
RE: about portal security
From: "Scovetta, Michael V" <Michael.Scovetta () ca com>
Date: Wed, 9 Jun 2004 09:23:04 -0400
Hi! You *really* need to define better what you're asking. What kind of "security" do you have for the portal? For instance, if it's basic/digest, then it should be fine on the extranet (assuming you have users on the outside). If it's NTLM/Kerberos, it may have a problem going through proxies, so you don't want to use them on extranet sites, usually. A "portal" is usually nothing more than a fancy iframe framework, but the portal pages are either: http://sub-site.domain.com/page11.html or http://main-portal.domain.com/?get_page=page11.html In the former, the request goes right to the extranet site, you'll have to secure it separately. In the later, you can leverage existing security (assuming that main-portal.domain.com is on the extranet. So, there's no quick answer there, sorry. Michael Scovetta Computer Associates Application Developer tel: +1 631 342 3139 cell: +1 813 727 5772 michael.scovetta () ca com
-----Original Message----- From: info () biledge com [mailto:info () biledge com] Sent: Wednesday, June 09, 2004 5:27 AM To: webappsec () securityfocus com Subject: about portal security hi, i need to secure a web portal with 7,000 members. certain pages will
be
extranet and i am not sure if i will need to secure them separately. if i have security for the portal, does that mean i have security for
the
extranet part of the portal too ? thank you for the helps, thank you for no helps too :) regards, bilur
Current thread:
- about portal security info (Jun 09)
- Re: about portal security Dwayne Ghant (Jun 09)
- RE: about portal security Brian Pomeroy (Jun 10)
- <Possible follow-ups>
- RE: about portal security Scovetta, Michael V (Jun 09)