Security Basics mailing list archives

Re: ... may be a dumb question ?


From: ossinfo () osschicago com
Date: Mon, 5 Jan 2004 12:16:35 -0600


Try this content management system; there is a demo on their site. I use
this for creating secure areas, and for "non-techies" it's very simple for
them to publish content using the system.

http://www.plainblack.com

The product is called WebGUI

Good Luck!

Tiffany
Open Source Software Chicago
http://www.osschicago.com
ossinfo () osschicago com



                                                                                                                        
               
Jimi Thompson <jimit@myrealbox.com>
01/04/2004 11:51 PM

To:       Michael Gale <michael () bluesuperman com>
cc:       security-basics () securityfocus com
Subject:  Re: ... may be a dumb question ?




Michael Gale wrote:

Hello,

I have a question, I want to make a secure web site for me and a few
people. So this is my crazy design.

I set up Apache with PHP and am using mod_ssl. I created my own CA on a
Linux box. I then created a CSR for the web server and
signed it with my CA.

Now I give all the people I want to have access to the site my ca.crt
and they import it into their browser. So now their browser will accept
my site's cert :) without the warning.

Now if they are running a linux / unix box I can have them create a CSR
and have my CA sign it. Then they can import that cert into their
browser.

Now if I understand it correctly when the client accesses my site the
server and client will exchange certs and trust each other :) unless I
add the user to the CRL.

The rest of the traffic will be over SSL ... so is this a secure way of
allowing access to a directory ?

Do you see any problems ?




Your URLs must all be https:// & not http://

HTH,

Jimi

---------------------------------------------------------------------------
----------------------------------------------------------------------------
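
The setup discussed in this thread (a private CA, client certificates, a CRL, and https-only URLs), sketched as an Apache 2.4 mod_ssl configuration. This is an added example, not configuration posted by anyone in the thread; the hostname, file paths and directory are placeholders.

```apache
# Added example: Apache 2.4 + mod_ssl. Hostname and all paths are placeholders.

# Plain HTTP only redirects, so every URL ends up on https://
<VirtualHost *:80>
    ServerName secure.example.org
    Redirect permanent / https://secure.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName secure.example.org
    DocumentRoot /var/www/secure

    SSLEngine on
    # Server certificate signed by the private CA, and its key
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # Client certificates must chain to this CA and nothing else
    SSLCACertificateFile  /etc/apache2/ssl/ca.crt
    SSLVerifyClient       require
    SSLVerifyDepth        1

    # Revocation: mod_ssl 2.4 ignores the CRL unless checking is enabled.
    # With checking on, a missing or expired CRL makes verification fail,
    # so the CA has to re-issue the CRL before its nextUpdate passes.
    SSLCARevocationFile   /etc/apache2/ssl/ca.crl
    SSLCARevocationCheck  chain

    <Directory "/var/www/secure">
        # Refuse any request for this directory that did not arrive over TLS
        SSLRequireSSL
        Require all granted
    </Directory>
</VirtualHost>
```

Apache loads the CRL at startup, so the server has to be reloaded after a certificate is revoked for the revocation to take effect.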







