| Abstract: |
Secure web access is a common requirement especially for offsite
access. However, efficiently implementing such a goal without many web
infrastructure changes raises nontrivial problems. Requiring users to change
numerous links, documents, and bookmarks with embedded URLs to accommodate new secure web
servers (i.e. http to https) has the potential for being quite disruptive to the work
environment. The following tools work to provide a nearly seamless integration of
secure offsite web access to existing web servers, assuming some type of authentication
infrastructure already exists.
We have developed a solution that allows users to continue using existing URLs unchanged
while still providing secure (https) access when needed, automatically. This tool
(specifically, a Netscape web server plug-in) circumvents unnecessary changes and still
allows for the use of SSL web servers as needed.
Another tool addresses another separate but related problem: the administration of the
potentially large number of protected directories on various web servers. To solve
this problem, a tool has been developed that enables authorized administrators to view the
protections on web directories (i.e. automatic redirection, domain-based authentication,
etc.) This overview of all protected directories allows for easy verification and auditing
capabilities. |
