System Security

Security was an important consideration in developing this system. Only authorised people should be able to create login accounts. Five levels of security have been implemented.

  1. The HTTP server is located on a secure network. It cannot be accessed from outside this network, other than for HTTP. Most of the authorised users are also on this secure network.

  2. The directory containing the HTML forms and documents used by the system is protected via the CERN HTTP server's access control methods. Only authorised IP addresses can access the documents.

  3. The CGI scripts are protected by testing for the IP address of the calling client. Again only authorised IP addresses are allowed access.

  4. The electronic mail messages sent to the servers are coded in such a way as to ensure that they are from where they claim to be and that the contents have not been tampered with.

  5. A log is maintained of all messages e-mailed to servers, each entry with a date and time stamp.
The security is probably not foolproof but would make it difficult for someone to break in. It is also important to balance the risk. Since all of the systems on which accounts are to be created do not contain sensitive data, the risk is low. However, were the procedure to be extended to cater for systems where sensitive data is stored, then a more detailed examinination of security strategies would be required.
Return to Implementation page...