
Re: [cobalt-developers] Secure Server Access - 2nd Request



Hi Rob,

well, as I see it, there are 2 things to consider:



1.) Legal Stuff
---------------

When your customers run their pages and CGIs
under your certificate, YOU are actually the one
who is doing business with the end-users as a
de facto agent for your customers. This should be
based on a clear and waterproof agreement between
you and your customers.

Personally I would not do it, because the possible
problems are not worth the extra savings in my
opinion. Perhaps this might even be a violation of
your contract with the certificate's authority.

But that's not what you asked - I'm not
in your shoes, anyway.



2.) Technical Solution
----------------------

There are many different ways to do it technically; the main
thing is to decide whether the CGIs are run under your user-id
or theirs. E.g.:

a)
CGI/PHP script to deliver the customer's content
as part of your site. No CGIs except the ones
you provide. The pages are fetched and filtered
from defined subdirectories your customer provides,
e.g. .../site/secure

b)
subdirectories with appropriate permissions linked
to the secure part of each of your customers' space.
CGIs run under the customer's user-id.


Conclusion
-----------

If I were to do it at all, I would prefer version a) over
version b), because a) would allow me to log the
transactions (including IP addresses and such)
for later dispute resolution, security reasons and
as a backup for the records of your customers.

Thus I would not only act as a pro forma agent for
my customers, but also help them with technical and
organisational matters. That's more value for their bucks.
And safer for all participants.

Hope that helped.

Michael

--------------------------------------------------

From: Rob Spurlock <rspurlock@xxxxxxxxxxxx>
>  We have a Raq2, with a main (shared) secure cert for [...snip...]
>  We have other customers who want to "use" our secure server to 
>  put forms etc on it for CC info.
> 
>  We are setting the same customers up on the same Raq2 under 
>  their own domain.
> 
>  How do I allow those customers to FTP or Frontpage to 
>  their secure directory so they may upload files etc without 
>  us having to post the files for them?
> 
>  Any ideas?
> 
>  Thanks,
> 
>  Rob Spurlock
>  Lock-Net Internet
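
Option a) from the reply above, as an added example that is not part of the original thread: a delivery routine that serves only static files from each customer's secure subdirectory, refuses anything that resolves outside it, and logs every request with the client address. The directory layout, extension allowlist and all function names are assumptions made for illustration.

```python
import logging
from pathlib import Path

# Assumptions (not from the original post): the layout
# <sites_root>/<customer>/secure, the extension allowlist and every
# name below are hypothetical.
ALLOWED_EXT = {".html", ".htm", ".txt", ".css", ".gif", ".jpg", ".png"}
log = logging.getLogger("secure-delivery")


def resolve_customer_file(sites_root, customer, rel_path):
    """Return the real path of a servable file under
    <sites_root>/<customer>/secure, or None if the request is refused."""
    # The customer name comes from the URL: accept a strict character set.
    if not customer or not all(c.isalnum() or c in "-_" for c in customer):
        return None
    if "\x00" in rel_path:
        return None
    base = (Path(sites_root) / customer / "secure").resolve()
    # resolve() collapses ".." and follows symlinks, so an uploaded symlink
    # pointing outside the customer's directory fails the check below.
    target = (base / rel_path.lstrip("/")).resolve()
    if base not in target.parents:
        return None
    # Static content only: customer-supplied scripts are never served or run.
    if target.suffix.lower() not in ALLOWED_EXT or not target.is_file():
        return None
    return target


def deliver(sites_root, customer, rel_path, remote_addr):
    """Handle one request and log the attempt, allowed or refused."""
    target = resolve_customer_file(sites_root, customer, rel_path)
    status = 200 if target else 404
    # %r quotes the requested path so embedded newlines cannot forge log lines.
    log.info("client=%s customer=%s path=%r status=%d",
             remote_addr, customer, rel_path, status)
    return status, (target.read_bytes() if target else b"")
```
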