WebApp Sec mailing list archives
Re: Authentication/Access-control libraries
From: George Capehart <gwc () capehassoc com>
Date: Wed, 3 Sep 2003 10:21:52 -0400
On Tue, Sep 02, 2003 at 09:05:31AM -0700, n30 wrote:
> Gurus,
>
> Say I am a programmer designing an ecommerce site & wanting to write secure code. I have heard there are commercial & open-source secure libraries available out there that I can reuse for performing authentication and access control. Any links/pointers to them??
>
> I am specifically looking for ASP & Java. But any language should be fine. I will get an insight into things.

If you're interested in implementing role-based access control, take a look at: http://csrc.nist.gov/rbac/ and go down to the section on downloadable software. That is relatively old, and CGI based. A Google search for "rbac + java" will give you lots to chew on. One of the pointers is to Oracle's implementation of RBAC in JAAS in 9iAS. I haven't worked with it, specifically, but Oracle has had a notion of roles and RBAC for more than ten years, now . . .

Good luck,

George Capehart
--
George W. Capehart

"With sufficient thrust, pigs fly just fine . . ." -- RFC 1925