Re: Can Jigsaw do this? from Eric Anderson on 1997-03-11 (www-jigsaw@w3.org from March to April 1997)

From: Eric Anderson <eric_anderson@MENTORG.COM>
Date: Tue, 11 Mar 1997 08:32:38 -0800
To: "Bill Woods" <bwoods@ccsmtp.memc.com>, www-jigsaw@w3.org
Message-Id: <9703110832.ZM28887@hpui>

Bill,
	I have not played with this type of administration in Jigsaw,
but I do know in general the answers to your questions. 

On Mar 11,  9:21am, Bill Woods wrote:
> Subject: Can Jigsaw do this?
>      
>      ----------------- Begin Excerpted message ---------------------------- 
>      1. Is it possible to post a homepage on the Intranet and keep REMOTE1 
>      and REMOTE2 from viewing it? NAME doesn't want joint ventures to view 
>      sensitive information but wants everyone else to have access.

Yes: It is a common server feature to have access control at various levels
that can check lists of hosts that they specifically accept or reject requests
from.  The advanatge of host based security is that you don't interrupt the user
by asking for password information.  The security is transparent to the user.
The disadvanatge is that you only have a general idea about who is accessing
your server and you trust the security at REMOTE3 whom you trust to keep a
user of REMOTE1 from using REMOTE3 to view your pages.

>      
>      2. Password control - How are passwords administered?  If a particular 
>      page is developed and served here at OUR_SITE and if it has a password 
>      required for access, how are those passwords controlled for users in 
>      REMOTE3, REMOTE4, etc.?  

Passwords are all administered from the server site.  Users at remote sites
enter their user name and password for verification by the server.  For
the purposes of server password control, there is only one username space
across the internet (with respect to a particular server).  The username
required for access on the server has nothing to do with the username by which
the user is logged into the remote site.

>      
>      3. Can we give a Netscape user here at OUR_SITE access to the Intranet 
>      but fully block all access to Internet? 

This is a function of how your corporate intranet is setup.  In general, this
would be the default.  For example, here at Mentor Graphics, the machine I use
sits on the intranet.  To have any access to the Internet, I must go through
some sort of proxy server that will forward my traffic through the firewall.

When I use the socks server that runs on the firewall machine, then I have
essentially unlimited access to the internet.  The socks server just shuffles
the tcp/ip packets over the wall for me.  If I use the caching proxy http
server here for WWW access, then it would be possible (easier) for our IT
department to limit the portion of the Internet that would be accessable to
me.

-- 
Eric Anderson			Phone: (503) 685-1102
eric_anderson@mentorg.com	Fax:   (503) 685-1282

Received on Tuesday, 11 March 1997 11:32:59 UTC