|Applies To||RSA ClearTrust 4.7|
iPlanet Directory Server
Microsoft Windows NT 4.0
Microsoft Windows 2000
|Issue||If an application server is protected with an RSA ClearTrust Agent, is it necessary to protect the web server too?|
|Resolution||The answer to this question is that it depends on your architecture and/or environment. For instance, every page that a user can reach by typing the URL directly into a browser, and that this user must not have access to without authentication, must be protected by ClearTrust and the corresponding agent, by a firewall, or by both. The URLs could refer to any HTML page, subdirectory, CGI, JSP, or ASP, as well as to any application running on top of the application server.|
If all the URLs that provide access to an application server are protected, but the application server accesses other Web servers or other critical resources in the background, it is up to the application server to control that access (for instance, using the ClearTrust runtime API).
In addition, you need the ClearTrust agents or the runtime API on all the servers that require authentication from the user and for which you want to provide SSO.
Given the complexity of some environments, RSA Security Professional Services can be engaged to help you design your security strategy and Web management infrastructure.
|Legacy Article ID||a11547|