There are a number of security issues that arise between clients and
servers. These security requirements depend on each other in many cases:
- Authentication: For some potential uses of the web (e.g., electronic commerce), it is important that clients authenticate themselves to servers, that servers authenticate to clients, and that both authenticate to each other. It is important that a form of authentication be used that is not easily spoofed, such as cryptographically signed certificates.
- Confidentiality: Confidentiality is important for web uses that involve sensitive data. Data exported by web clients or servers may need to be protected from eavesdropping. For example, services are available (e.g., an on-line florist) that require the passing of credit card information. This requirement will be amplified when other kinds of data, such as employee records, government files, etc., begin traversing the web.
- Integrity: Certain transactions have the requirement that transaction requests and/or contents remain unmodified during delivery. The electronic commerce example is a case where data integrity is critical to proper functioning of the system.
- Availability: This means all the systems are up and running when they are needed.
Denis Arnaud
12/19/1997