Notes User Authentication

User authentication might proceed in at least three ways.

1. Authentication utilizes MathLAN usernames/passwords
   • Example
   • Advantages:
     • For some applications, users already have accounts
     • Users only must remember one password for logging in and for the application
     • MathLAN maintains password tables
   • Disadvantages:
     • User must trust the application to handle passwords for the entire system
     • Breaking into the application might allow the intruder to break into an account
   • Issues:
     • Interception of any transmission of an application password might allow a break into a MathLAN account.
     • Some users may be reluctant to give their MathLAN passwords to an application.
     • Lookup of MathLAN information must prevent inadvertent running of other scripts.
2. Authentication via Application-specific Database Table
   • Example: See Welling and Thomson, Chapter 17 (pages 391-399)
   • Advantages:
     • Access to the system or to other applications does not compromise access to this application
     • Application can provide a reasonably simple, easy-to-use interface
   • Disadvantages:
     • User must remember a special password
     • Application must maintain database of passwords
   • Issues:
     • Interception of any transmission of an application password might allow a break into a MathLAN account.
     • Application must handle all security matters
     • Application must protect itself against database hacks
     • Application must avoid inadvertent running of other scripts.
     • Application must decide whether or not to store password in encrypted form (potential difficulties with either decision)
     • Procedures must be developed in case a user forgets a password,
3. Authentication via HTTP Headers (Two forms, called Basic Authentication and Digest Authentication)
   • Example (See Welling and Thomson, Chapter 17 (pages 399-402)
   • Advantages:
     • Can utilize either MathLAN passwords or application-managed password table(s)
     • Can build password system into very start of a page.
   • Disadvantages:
     • User may be asked for username/password information without knowing the context.
   • Issues:
     • Interception of any transmission of an application password might allow a break into a MathLAN account.