gomd-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gomd-devel] Authentication follow-up


From: rbaardman
Subject: Re: [gomd-devel] Authentication follow-up
Date: Sun, 28 Sep 2003 21:27:33 +0200
User-agent: Internet Messaging Program (IMP) 3.1

> Some words about the encryption issue.
> 
> Of course, as gomd is growing up, we need to implement a good security
> level.
> Encryption is just one of the thing needed.

Exactly :)

> As gomd can be contacted also by telnet clients, encryption cannot be
> used.
> So we've to distinguish amongst the clients.

Yes. I totally agree


> My idea is to provide a seclevel-by-client mechanism.
> - if gomd is contacted by a client using encryption, gomd will speak with
> encryption => all permissions granted

I think not. If for example a user (not admin) logs in using SSL he should 
not be able to do all kinds of stuff.

> - if gomd is contacted by a client _not_ using encryption, gomd will speak
> without encryption => ACL+strict security mode enabled.

My idear is to make the key concept users. SSL users will be able to login 
and non-SSL users will be something like user "nobody" by default.

> This stuff will be implemented after the first beta release.

ok, I'll be patient



-- 
_____________________________________________________________________
Snel en voordelig ADSL nu voor iedereen bereikbaar.
Zon Breedband Budget voor EUR 14,95 per maand.
Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband





reply via email to

[Prev in Thread] Current Thread [Next in Thread]