S/Web Security
Security is a contentious issue: the news is always full of stories of the latest hack attack, denial of service or site hijacking. Sprezzatura realise that site administrators take their job seriously, and for this reason we have provided this page to detail how S/Web works and how we can work with site administrators to make their S/Web enabled site as secure as their corporate policies dictate.
To introduce the security issues, here is a greatly oversimplified description of the way in which S/Web works :-
The web client issues a request which invokes our custom ISAPI dll on the web server. This dll writes a request out to a nominated "In queue" which is shared with the ARev/OpenInsight based portion of S/Web. It then waits for the response to appear on another nominated "Out queue" and returns this to the client. Thus the following scenarios are all valid.
Thus the SWEB.DLL routine needs to have create/read/write/delete access to both the "In" and "Out" directories wherever they are located, as does the ARev/OpenInsight application user. This can be achieved by mapped drives or, in the case of the SWEB DLL, UNC paths.
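One way to confirm that an account holds exactly the create/read/write/delete access described above is to probe both queue directories while running as that account (the web server identity, then the application user). This is an added example, not Sprezzatura code; the function names and the probe file name are assumptions, and the directory paths are supplied by the administrator.

```python
import os
import tempfile
import uuid

OPS = ("create", "write", "read", "delete")

def probe_queue_dir(path):
    """Return {op: bool} for the four rights each side needs on a queue directory."""
    result = dict.fromkeys(OPS, False)
    # Hypothetical probe name; unique so it cannot collide with a real queue file
    probe = os.path.join(path, "probe-" + uuid.uuid4().hex + ".tmp")
    payload = b"queue access probe"
    try:
        # O_EXCL: fail rather than touch a file that already exists
        fd = os.open(probe, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except OSError:
        return result  # cannot create, so nothing else can be tested
    result["create"] = True
    try:
        result["write"] = os.write(fd, payload) == len(payload)
    except OSError:
        pass
    finally:
        os.close(fd)
    try:
        with open(probe, "rb") as fh:
            result["read"] = fh.read() == payload
    except OSError:
        pass
    try:
        os.remove(probe)
        result["delete"] = True
    except OSError:
        pass  # probe file is left behind; the report shows delete is missing
    return result

def missing_rights(in_dir, out_dir):
    """Map each queue directory to the rights the current account lacks."""
    report = {}
    for name, path in (("in", in_dir), ("out", out_dir)):
        rights = probe_queue_dir(path)
        report[name] = [op for op in OPS if not rights[op]]
    return report

if __name__ == "__main__":
    # Constructed demo: two temporary directories stand in for the real queues
    with tempfile.TemporaryDirectory() as i, tempfile.TemporaryDirectory() as o:
        print(missing_rights(i, o))
```

An empty list for both directories means the account can do everything the queue exchange needs; running the same probe as any other account on the web server should report all four rights missing.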
Thus it can be seen that for SWEB to be implemented "out of the box", the Web Server must be able to see the network the Revelation application sits on, or the network application must be able to see the Web Server or both. Sprezzatura realise that certain highly secure organisations have security policies that make these requirements impossible. Under these circumstances Sprezzatura can offer two options :-
we can provide you with a Perl version of the SWEB.DLL (SWEB.PL) which your IT staff can configure to talk through your firewalls
we can provide a custom implementation of the Web Server end which talks through your firewalls for you.