Re: Protected Archives

1998-01-06 16:00:09
  I just created a web-based archive using MHonArc for a mailing list I 
belong to, but the list's membership would like to keep the archives
'private' since the topics discussed often involve sensitive biomedical
questions or unpublished research findings. I thought about implementing
a password-based access to the archives but preliminary indications
are that having to always supply a password can quickly become annoying.
I think that an authentication system based on the subscribers' computer
hostname, name, or email address would be best. That is, the server
would simply match the users' name or computer hostname to an entry in
a database to give or deny access.

This is not very secure since that type of information can be
easily faked.  I.e., that information is provided by the client
connecting to the server.  The client could lie.  Also, it requires
that the client send the proper information needed.

I see no problem with basic HTTP authentication.  It would be like
logging into a computer.  Once the username and password have been
supplied for the first request, the client automatically resends the
username/password for subsequent requests.  Logging in again would be
required on a new instance of a client (e.g., the user exits the client
and restarts at a later time), unless the client has the ability to
save passwords.

To make administration easier, you can have a single username/password
for all subscribers of the list, or the same password for all valid
users.  But it would be better if each subscriber had a unique username
and different passwords.  If your mailing list software works with
passwords for subscribers, you may be able to use the same passwords
for Web access.
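
An added example, not part of the original message: a server-side check for the basic HTTP authentication scheme discussed above, with one salted password hash per subscriber. The subscriber names, passwords, PBKDF2 work factor and the plain-dict request headers are assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def make_entry(password, salt=None):
    """Return the (salt, derived_key) pair to store for one subscriber."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def parse_basic(header):
    """Decode 'Basic <base64(user:pass)>' into (user, password), or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # base64 is an encoding, not encryption: the password is readable on the wire.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep and user else None

def authenticate(headers, users):
    """Return the subscriber name if the request carries valid credentials."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return None  # a server would answer 401 with WWW-Authenticate: Basic
    user, password = creds
    # Unknown users still cost one PBKDF2 run, so timing does not reveal names.
    salt, stored = users.get(user, (b"\0" * 16, b""))
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return user if hmac.compare_digest(derived, stored) else None

# Constructed sample data: two subscribers, each with their own password.
USERS = {"alice": make_entry("correct horse"), "bob": make_entry("s3cond-pass")}

def header_for(user, password):
    """Build the header a client resends with every request after login."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

if __name__ == "__main__":
    # A client-supplied identity claim alone (here a From header) is not accepted.
    print(authenticate({"From": "alice@example.org"}, USERS))
    print(authenticate({"Authorization": header_for("alice", "correct horse")}, USERS))
```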


