Notes


References On The Internet:

unixpapa.com
A Guide to Web Authentication Alternatives
recommended reading for a thorough overview of matters surrounding authentication on HTTP servers. includes the interesting observation that the chance of guessing the correct MD5 hash of a username/password combination is 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456

securiteam.com
Considerations for IIS Authentication
describes how using the built-in authentication mechanisms of IIS allows the brute forcing of administrator accounts

extremetech.com
Additional Internet Explorer/Apache Problems Surface
IIS must be run on the same machine that is the domain controller for digest authentication to work.

eweek.com
IE, Apache Clash on Web Standard
Apache Foundation refuses to support the Internet Explorer version of digest authentication

microsoft.com
Microsoft Knowledge Base Article - 222028
If the server running IIS is not an Active Directory Server, or does not have access to the Active Directory, digest authentication will not work.

msdn *
Performance Comparison: Security Design Choices
Building Distributed Applications with .NET

msdn *
Building and Configuring More Secure Web Sites
Security Best Practices for Windows 2000 Advanced Server, Internet Information Services 5.0, SQL Server 2000, and the .NET Framework

15seconds.com *
15 Seconds : Complying with IT's Security Requirements for Web Applications

robertgraham.com
network sniffing FAQ detailing the theoretical and practical requirements to mount password sniffing attacks


rfc2616   *
Hypertext Transfer Protocol -- HTTP/1.1

rfc2617   *
HTTP Authentication: Basic and Digest Access Authentication

rfc1321   *
The MD5 Message-Digest Algorithm

rfc2396   *
Uniform Resource Identifiers (URI): Generic Syntax

rfc2965   *
HTTP State Management Mechanism

rfc2109   *
HTTP State Management Mechanism

rfc2045   *
Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies

rfc2869   *
RADIUS Extensions

rfc2139   *
RADIUS Accounting

rfc2865   *
Remote Authentication Dial In User Service (RADIUS)

rfc2828   *
Internet Security Glossary

copyright(c) 2003
all rights reserved