In order to edit Michael Wallick's Homepage you must obtain a password.
The password is e-mailed to any one of the authorized editors and is only good for a period of 1 hour after it is issued. The burden of security is placed on the e-mail rather than this webpage.
What is this, and why am I doing it? This is basically a prototype for an idea of mine for collaborative web editing. I'm the webmaster of my Temple. There are a lot of people who want to have access to a specific page or two of the webpage, i.e. each committee chair wants to be able to change the content of his/her page at the drop of a hat. This either causes a lot of work for me (they send me the page and I have to get it uploaded) or a huge security breach, in that I have to share the password with a lot of people. For now we are going with the former option - but that leaves me as a bottleneck in the procedure. Since most of the people who would want to make changes are not expert computer users, giving out the password to make changes to the site would be very foolish, as they do not fully understand security and are likely to not keep it secure.
One thought is of course to use a wiki, but we can't do that because the hosting service does not have support for wikis, and we would still have password issues. I want a solution in which I have total control over who has access to make changes, and what they can change. I also want to make sure that the editors cannot do too much damage by handing out passwords, and that they get some feeling for the need for security.
Enter my idea: The server contains a list of authorized editors and their e-mail addresses. Through a page (like this one) the editor selects their name. A CGI script looks up the name and e-mail address and randomly generates a password. That password is stored on the server and is kept for up to one hour. After the password expires, the editor needs to request a new password. Providing the password brings the user to an editor page where they can change the webpage as they see fit. The password needs to be provided again to save the changes (to ensure no one happens on the editor page).
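A minimal sketch of the issue-and-verify flow described above, added here as an example and not the site's actual CGI script. The editor name, address, page name and function names are hypothetical; keeping only a hash of the password on the server is a choice of this example, and mailing the password is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 3600  # the one-hour lifetime described on this page

# Constructed sample data: editor name -> (e-mail address, pages they may edit)
EDITORS = {"Alice": ("alice@example.org", {"committee.html"})}

_issued = {}  # editor name -> (SHA-256 of temporary password, expiry time)


def issue_password(name, now=None):
    """Create a temporary password; return (address to mail it to, password)."""
    if name not in EDITORS:
        raise KeyError("not an authorized editor")
    now = time.time() if now is None else now
    password = secrets.token_urlsafe(12)  # random, from the OS CSPRNG
    digest = hashlib.sha256(password.encode()).digest()
    _issued[name] = (digest, now + TTL_SECONDS)  # replaces any older one
    return EDITORS[name][0], password


def check_password(name, password, page, now=None):
    """Called when opening the editor page and again when saving."""
    now = time.time() if now is None else now
    record = _issued.get(name)
    if record is None or name not in EDITORS:
        return False
    digest, expires = record
    if now >= expires:
        del _issued[name]  # expired: the editor must request a new one
        return False
    candidate = hashlib.sha256(password.encode()).digest()
    if not hmac.compare_digest(candidate, digest):  # constant-time compare
        return False
    return page in EDITORS[name][1]  # per-editor page restriction


def revoke(name):
    """Webmaster removes an editor; any outstanding password dies with it."""
    EDITORS.pop(name, None)
    _issued.pop(name, None)
```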
The Security Concerns: Most of the security has been shifted to the responsibility of the e-mail system. (This makes the assumption that users will keep their e-mail private, which I believe most do!) As the webmaster I simply need to confirm the identity/e-mail of all of the authorized users. Since this is for a fairly small community, that can be done in person. If this were to be implemented in a larger system, something akin to a digital signature could be employed.
Are My Problems And Concerns Addressed? I believe the answer is yes! 1) I am not the bottleneck or the only person who can make changes to the page! 2) I control who can change what page, and can revoke that permission easily. As the webmaster, I'm the only person with that power. 3) The webpage password only remains with me. 4) If someone decides to give out the password, they either have to (a) give up their e-mail password, something that most would not do or (b) give out the temporary password which limits the "damage" that can be done. 5) Real passwords are not exchanged in any way, i.e. I don't have to collect passwords (electronically or otherwise) and a temporary (strong?) password is e-mailed by the system.
I came up with this idea on my own, but I'm not a security guy. If this idea was already implemented by someone, please let me know, so that I can give proper credit! Also if you come up with a hole in my logic or can find a hole in the page, please let me know so that I can correct it!
(C) Michael Wallick - July 2005