User-based access control

• verify userid/password against almost any source

  • file, unix, ldap, athens, etc.

• browser->server is effectively cleartext

  • unless using SSL
  • beware of reducing privacy of passwords

• password transmitted for each request

  • many opportunities for theft

Previous slide

Next slide

Back to first slide

View graphic version