Security of the Web server and the documents it contains
Publishing a document via a Web server allows some control over
the dissemination of the document. The quality of the control
depends on the amount of investment. Thinking carefully about
security is a way to add value to the documents individually and
to the Web site as a whole.
- The Web server can restrict access to a given directory based
on the Web client's name. This can be effective enough for many
purposes. There are two problems with this approach, however:
- A sophisticated user can "spoof" an address that
they know to have access. Some fire-walls prevent someone from
the outside pretending they have an Internet address from inside
the fire-wall, but the fire-walls around the University of Colorado
are apparently not completely effective in this regard.
- This level of discrimination may not be fine enough in the
sense that many people will share a host name and only some of
them should have access to a Web service.
- Whether directory level security will be used or not has an
impact on the design of the Web server's directory structure.
- The HTML form can request a username and password and verify
it against some database. Currently no IRM applications require
this level of security.