頁籤選單縮合
題 名 | 網際網路應用程式安全驗證機制之介紹與實作=The Introduction and Design of the Security Authentication Mechanism for the Web-Based Application |
---|---|
作 者 | 陳志坪; | 書刊名 | 電信研究 |
卷 期 | 32:3 2002.06[民91.06] |
頁 次 | 頁315-327 |
分類號 | 448.6 |
關鍵詞 | 匿名驗證; 基本驗證; 挑戰/回應驗證; 摘要式驗證; Anonymous authentication; Basic authentication; Challenge/response authentication; Digest authentication; |
語 文 | 中文(Chinese) |
中文摘要 | 網際網路風起雲湧,曾經盛極一時。如今雖然光環已逝,然網際網路並非已死,它仍然為資訊科技的應用帶來丕變,應用系統開發人員及程式設計師對此當不漠然。 以往開發應用軟體系統使用Client-Server架構,其限制頗多,效能不佳。隨著網際網路應用風潮之崛起,現今之應用系統開發率皆採用Web-Based架構進行設計,然而網際網路之延伸無遠弗屆,系統的來訪者近則來自企業內網站(Intranet),遠則擴及Internet。該如何有效識別來訪者之身分並授與一定之權限,且能有效防止駭客入侵,實為架設於網際網路之應用系統,不可不重視之議題。 本文將討論在微軟公司的網際網路伺服器IIS(Internet Information Server)上可採行的網路安全驗證機制並比較其優缺點,再以一個模仿Windows NT Challenge/Response驗證模式的實作範例,提供給讀者一個屬於自己的安全認證機制,這個驗證機制兼具高度安全性以及在User Base很大的情況下提供高效能之驗證表現。 中華電信公司內部有越來越多的資訊系統採用Web-Based架構進行設計。本文期望能喚起所有參與此類系統開發之設計人員對網際網路安全驗證機制之重視。 |
英文摘要 | One year ago, internet were all the rage. Now it is no longer in vogue. But internet is not dead, it still direct the metamorphism of the information technology. All of the member in this field can agree that. Over the past few years, human develop a software application with client-server architecture, which has many limitations and low performance. Today, almost application system designed with web-based architecture. How can we validly authenticate the visitors from intranet or internet? And then give them specific authority. And how can we protect our web site from attacking by hackers? We should take care all of these problems. This paper describes most user authentication methods on IIS server, and their excellence and drawbacks. I will provide an authentication model like Windows NT Challenge/Response authentication, which has high security and high performance under high user basis. Our company has more and more information system designed with web-based infrastructure. I hope that all of the member they involve with web-based application design could maximize the internet security problem. |
本系統中英文摘要資訊取自各篇刊載內容。