WanderWare Product Summary

The rapid adoption by organisations of WWW services as a channel to reach wider audiences and as a tool to conduct business has led to security challenges which were not anticipated in the original research orientation of such services. In particular, it was not foreseen that it would necessary to restrict access from the public at large.

At the point that a business begins to use a WWW service to publish materials that are to be restricted from general public access it needs to implement security measures to ensure that the material is accessible only to those sanctioned by the organisation as authorised users. These users may include the specific segments of the public in general, such as subscription membership sites, or may be restricted to internal groups such as employee portals for workforces deployed in the field.

In these situations, WanderWare offers sites the benefits of content protection and bandwidth protection from the effects of hot-linking, autobots, robots, searchbots, password sharing, autodownloaders, password crackers and password hurlers

The standard means of access is the client browser. All current browsers support a security mechanism based upon prompting for the user for an account name and password. It is also common to see custom login pages that implement the same account name and password challenges.

It is important to note that this account name and password combination accomplishes not one, but two tasks when properly implemented. The first is user authentication, the user is presumed by having knowledge of the password that he is the claimed account holder. The second, user authorization, is a side effect of the first. With knowledge of the identity of the user, it can also be established what privileges are available to the user in a one to one mapping.

However, the HTTP(hypertext transfer protocol) used for WWW services is stateless. This means that each page viewed by a user is independent from any other. The server has no knowledge of a sequence of actions from a user as being part of a whole. It is left up to site designers to implement any session state association on top of the WWW service and it's HTTP protocol.

WanderWare directly addresses the user authentication and user authorization requirements of membership based sites. Authentication identifies the user to the system and authorization defines the privileges granted to that particular user on the system.

The system design is efficient, high performance, highly scalable and non-intrusive to developers and users. This permits site owners to successfully deploy strong defensive regimes which are still highly acceptable to users without requiring the use of advanced programming techniques.

More particularly, the only effect visible to users is that they are prompted for a username and password. For developers, their only responsibility is to place protected materials within defined protected zones. Should they need to access the user name or user rights information, it is simply accessed as information that is passed to them by the filter. Other than this, developers can treat the unprotected and protected areas identically.

The advantage of a component based security architecture is that it insulates the user and developer communities from the complexities of implementing a strong security system. This does not mean that the system compromises security for usability. On the contrary, it means that a great deal of effort and testing has been invested to create a reliable solution that others can use without the same expenditure in time and money.

For sites which are subject to rigorous third party audit, the designers have been especially careful to respect and employ standards and practices which have been thoroughly examined by the security community.


Defensive Regimes
table of contents
full printable document





password protection ...
... industrial strength
distributed password protection
iis basic authentication
iis digest authentication

copyright(c) 2003
all rights reserved

design - eggworx.com