1.0 Introduction

By: Kurt Seifried, [email protected], Copyright Kurt Seifried, 2001


Making a company's sensitive internal information securely available on a www server that is accessible over the Internet is an increasingly common problem. The mechanics of this are relatively simple: you protect the www servers heavily, with firewalling, constant security patches and so forth, and make users authenticate to them. This is where it gets interesting, however: how should users authenticate to the www servers securely, and move on to other www servers that the company runs, without having to constantly re-authenticate? Having looked at this problem, I came up with a common solution but found it inadequate, so after thinking about it some more I decided to write my thoughts down, since this is a problem that will become increasingly common.


