WebApp Sec mailing list archives

Re: Authentication/Access-control libraries


From: George Capehart <gwc () capehassoc com>
Date: Wed, 3 Sep 2003 10:21:52 -0400

On Tue, Sep 02, 2003 at 09:05:31AM -0700, n30 wrote:
> Gurus,
>
> Say I am a programmer designing an ecommerce site & wanting to write secure
> code. I have heard there are commercial & opensource secure libraries
> available out there that I can reuse for performing authentication and
> access control.
>
> Any links/pointers to them??
>
> I am specifically looking for asp & java. But any language should be fine. I
> will get an insight into things.

If you're interested in implementing role-based access control, take a
look at:  http://csrc.nist.gov/rbac/ and go down to the section on
downloadable software.  That is relatively old, and CGI based.  A Google
search for "rbac + java" will give you lots to chew on.  One of
the pointers is to Oracle's implementation of RBAC in JAAS in 9iAS.  I
haven't worked with it, specifically, but Oracle has had a notion of
roles and RBAC for more than ten years, now . . .

Good luck,

George Capehart
-- 
George W. Capehart

"With sufficient thrust, pigs fly just fine . . ."
 -- RFC 1925

