[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] Secure Server Access - 2nd Request
- Subject: Re: [cobalt-developers] Secure Server Access - 2nd Request
- From: "Rob Spurlock" <rspurlock@xxxxxxxxxxxx>
- Date: Thu May 11 12:27:55 2000
In the only case we allow people to "share" our secure server is thus:
They have a generic form (perhaps CC info is asked for). It's for
formhandling only.
Is there a way to allow that customer access to a folder under the secure
site?
Thanks,
Rob
----- Original Message -----
From: "Michael Zimmermann" <zim@xxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Thursday, May 11, 2000 3:12 PM
Subject: Re: [cobalt-developers] Secure Server Access - 2nd Request
> Hi Rob,
>
> well, as I see it, there are 2 things to consider:
>
>
>
> 1.) Legal Stuff
> ---------------
>
> When your customers run their pages and CGI's
> under your certificate, YOU are actually the one
> who is doing business with the end-users as an
> de-facto agent for your customers. This should be
> based on a clear and waterproof agreement between
> you and your customers.
>
> Personally I would not do it, because the possible
> problems are not worth the extra savings in my
> opinion. Perhaps this might even be a violation of
> your contract with the certificate's authority.
>
> But that's not what you asked - I'm not
> in your shoes, anyway.
>
>
>
> 2.) technical solution
> --------------------
>
> There are many different ways to do it technically, the main
> thing is to decide, wether the CGIs are run under your user-id
> or theirs. E.g.:
>
> a)
> CGI/PHP script to deliver the customers contents
> as part of your site. No CGI's except the ones
> you provide. The pages are fetched and filtered
> from defined subdirectories your customer provides
> e.g. .../site/secure
>
> b)
> subdirectories with appropiate permissions linked
> to the secure part of each of your customers space.
> CGI's run under the customers user-id.
>
>
> Conclusion
> -----------
>
> If I would do it at all, I would prefer version a) over
> version b), because a) would allow me to log the
> transactions (including IP-Adresses and such)
> for later dispute-resolutions, security reasons and
> as a backup for the records of your customers.
>
> Thus I would not only act as an proforma agent for
> my customers, but also help them with technical and
> organisational matters. That's more value for their bucks.
> And safer for all participants.
>
> Hope that helped.
>
> Michael
>
> --------------------------------------------------
>
> From: Rob Spurlock <rspurlock@xxxxxxxxxxxx>
> > We have a Raq2, with a main (shared) secure cert for [...snip...]
> > We have other customers who want to "use" our secure server to
> > put forms etc on it for CC info.
> >
> > We are setting the same customers up on the same Raq2 under
> > their own domain.
> >
> > How do I allow those customers to FTP or Frontpage to
> > their secure directory so they may upload files etc without
> > us having to post the files for them?
> >
> > Any ideas?
> >
> > Thanks,
> >
> > Rob Spurlock
> > Lock-Net Internet
>
>
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers