PerlMonks  

Re: Running script only within a specific domain/network

by sundialsvc4 (Abbot)
on Jul 19, 2017 at 14:43 UTC ( #1195478=note )


in reply to Running script only within a specific domain/network

Another strategy to consider is the use of LDAP (nee Microsoft OpenDirectory®), which is commonly used in institutions of any size and which therefore might be available on the particular subnet that you expect to be running on. The advantage is that, if the institution is using LDAP in association with “single sign-on,” it can be a trustworthy but external and centrally-managed authority which can vouch not only as to exactly where you are, but also who you are, and what you are authorized to do.

LDAP can be applied, for example, by the web/application server itself, blocking access altogether if you are not an authorized user. (Importantly: “as determined by the security department, not by the application.”) Similarly, your application can query it for authoritative information about who your current user is, and what your current user is to be authorized to do. (And of course to double-check that an unauthorized user didn’t manage to “sneak in.”) Instead of being a “home-grown” strategy that is applied at the whim of each piece of software’s implementation (and that can only be changed by diddling with that application’s one-of-a-kind databases and/or source code), it is a thing that can be centrally managed at the enterprise level. And so it is frequently a good thing to tap into when you know that the software is for internal use only. It certainly simplifies things a great deal. The enterprise sets a standard for security management, and applications simply comply with it, doing as they are told by “the man upstairs.”

Other institutions with differing requirements use Kerberos, which is a conceptually similar system albeit with a very different architecture.

Needless to say, Perl (like all major languages) contains excellent available support for both in its CPAN library.

Replies are listed 'Best First'.
Re^2: Running script only within a specific domain/network
by jdporter (Canon) on Jul 19, 2017 at 16:07 UTC
    LDAP (nee Microsoft OpenDirectory®)

    Getting so many errors into so few words is... prodigious.

    1. Open Directory (with a space) is from Apple.
    2. Microsoft's product is Active Directory (AD).
    3. LDAP significantly predates AD.
    4. AD (unlike OD) is not an implementation of LDAP but is built on top of it.
    I reckon we are the only monastery ever to have a dungeon stuffed with 16,000 zombies.
Re^2: Running script only within a specific domain/network
by hippo (Abbot) on Jul 19, 2017 at 14:50 UTC
    LDAP (nee Microsoft OpenDirectory®)

    Nope

Re^2: Running script only within a specific domain/network
by shmem (Chancellor) on Jul 19, 2017 at 16:11 UTC

    LDAP? Kerberos? In what way are these related to the OPs question?

    perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
Re^2: Running script only within a specific domain/network
by Anonymous Monk on Jul 19, 2017 at 14:54 UTC
    another train wreck of a post, are you happy now?
