RE: about portal security

["Brian Pomeroy" <lunar () voicenet com>]

Dear Bilur:

What kind of portal software are you using?  In a typical secured portal
environment, users would authenticate once, be served content based on their
identity (role, management level, physical location, etc.) and be allowed
access only to authorized content so long as their session was active.  In
an extranet environment, you also need to consider things like encryption
and two-factor authentication (password + a physical or digital token).

Brian Pomeroy
Emerging Technologies & Strategy // Information Services
The Children's Hospital of Philadelphia
http://www.chop.edu/
pomeroy () email chop edu
Personal website:  http://www.voicenet.com/~lunar/


-----Original Message-----
From: info () biledge com [mailto:info () biledge com] 
Sent: Wednesday, June 09, 2004 5:27 AM
To: webappsec () securityfocus com
Subject: about portal security

hi,

i need to secure a web portal with 7,000 members. certain pages will be
extranet 
and i am not sure if i will need to secure them separately. 
if i have security for the portal, does that mean i have security for the
extranet 
part of the portal too ?
thank you for the helps, thank you for no helps too :)
regards,
bilur