[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gomd-devel] Authentication follow-up

From: rbaardman
Subject: Re: [gomd-devel] Authentication follow-up
Date: Sun, 28 Sep 2003 21:27:33 +0200
User-agent: Internet Messaging Program (IMP) 3.1

> Some words about the encryption issue.
> Of course, as gomd is growing up, we need to implement a good security
> level.
> Encryption is just one of the thing needed.

Exactly :)

> As gomd can be contacted also by telnet clients, encryption cannot be
> used.
> So we've to distinguish amongst the clients.

Yes. I totally agree

> My idea is to provide a seclevel-by-client mechanism.
> - if gomd is contacted by a client using encryption, gomd will speak with
> encryption => all permissions granted

I think not. If for example a user (not admin) logs in using SSL he should 
not be able to do all kinds of stuff.

> - if gomd is contacted by a client _not_ using encryption, gomd will speak
> without encryption => ACL+strict security mode enabled.

My idear is to make the key concept users. SSL users will be able to login 
and non-SSL users will be something like user "nobody" by default.

> This stuff will be implemented after the first beta release.

ok, I'll be patient

Snel en voordelig ADSL nu voor iedereen bereikbaar.
Zon Breedband Budget voor EUR 14,95 per maand.
Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband

reply via email to

[Prev in Thread] Current Thread [Next in Thread]