1.Server security -- ensuring security relating to the actual data or private HTML files stored on the server 2.User-authentication security -- ensuring login security that prevents unauthorized access to information 3.Session security -- ensuring that data is not intercepted as it is broadcast over the Internet or Intranet These layers can be seen as layers of protection. For each layer of security added, the system becomes more protected. However, these layers can be broken if there is a weak link.
Server security involves limiting access to data stored on the server. Although this field is primarily the responsibility of the network administrator, the process of publishing data to the Web often requires information systems specialists to take an active hand in installing and implementing the security policy. The two primary methods in which information from databases is published to the Web are the use of static Web pages and active dynamic Web page creation. These two methods require almost completely different security mechanisms.
Static Web Pages
Static Web pages are simply HTML files stored on the server. Many database specialists consider static page creation the simplest and most flexible method of publishing data to the Web. In a nutshell, a client program is written to query data from a database and generate HTML pages that display this information. When published as static Web pages, Web files can be uploaded to any server; for dynamic creation, however, the Web server usually must be modified.
The creation of the pages uses standard methods of database access control such as database security and login controls. Once created, the files must be uploaded to the Web server. Protecting the documents stored there occurs in the same manner that any other Web documents would be secured. One of the most straightforward ways to protect sensitive HTML documents is to limit directory browsing. Most Web servers allow directories to be configured so that files stored within them may be read but the files may not be listed in the directory. This technique prevents any user who does not know the exact filename from accessing it. Access may be permitted by simply distributing the exact filenames to authorized personnel.
Dynamic Page Generation
Popular with large organizations, this...