Web Security Interface Integrity

Chad Childers
Ford Motor Company

Mike O'Connor
Silicon Graphics, Inc.

Under Construction

Half Baked Ideas ahead (happy, Hugh?). If you have something to contribute, please contact the authors.


When is a World Wide Web interface suitable for a given application? If that application is a WWW security tool itself, the natural answer might be more complex than immediately obvious.


The utility of a Web interface depends upon user tolerance and expertise in modifying configuration tables by hand. Much of what originally seemed a straightforward configuration of Web tools is beyond the capabilities of the current crop of Web users and corporate webmasters.

Another issue with administration interfaces is that there are two times when you want to edit by hand: in configuration files or control files that are too complex for the interface to handle, and when you have a large number of changes to make at once, like importing a list of users from a passwd file.

The GUI always seems to be very limited, both on commercially produced and in-house tools. One tool requires that you go in on the command line to actually deal with going back and looking at old RCS versions, or deleting a book, or adding a new publisher. The straightforward, day-to-day operations can be performed using the Web interface, but complex operations take manual intervention.

There is no real reason that this is always the case, you *can* write a web interface to do anything, but somehow it never seems to happen, even with commercial products. Of course, with INN for example there are design constraints, but there is just a basic difference implicit in the design of administration tools that doesn't appear to lend itself to ultra-friendly interface.

The perception of users, on the other hand, is that a "real" GUI interface is more suitable and more secure than a WWW-based administration scheme, and the perception of administrators may be that the command line is superior.

Copyright © 1997 - All rights reserved.
creation:21 Apr 97
last update: 3 Mar 97
Chad Childers