This invention relates to web serving generally and has particular applicability to methods and systems for providing secure web serving of data of any sort that may be accessed by an internal server secured behind a firewall, so that from the point of view of the web browser the data appears to be directly accessible to the web.
There are many situations in computer networks where a gateway needs to be maintained to keep data within an “Inside” area from being accessible or manipulable by users in an “Outside” area. A typical example is the reservation data in an airline reservation system, which would be Inside and preferably accessible only to the people or users the airline wants to be able to use that data. Otherwise unauthorized users could book flights in the names of phantom passengers and cause other mischief for the airline. Another example is a bank's account data, to which an account-holding user might want access. Providing access to such data over the World Wide Web, or the Internet, means a risk of security breaches, with unauthorized users accessing or manipulating the data without the desired authorization. For example, in a system where a user could pay bills through access to his account over the Internet, an unauthorized user having access could as easily pay himself the contents of the account holder's account.
Accordingly, many “firewalls” have been developed. These include the FIREWALL-1™, and an application level firewall gateway called InterLock™, available from Advanced Network Services (Reston, Va.). Trusted Information Systems, Inc. (Glenwood, Md.) produces a firewall gateway called Gauntlets™. Other such products are available through Raptor Systems (Wilmington, Del.), Milkyway Corporation and Seachange Corporation (of Ontario, Canada). There are various other solutions for keeping internal data safe from errant web browsers, and numerous companies that produce computer and software products offer proprietary systems. In U.S. Pat. No. 5,903,732 (incorporated herein in its entirety by this reference), issued to Reed et al., a single computer having a partitionable operating system provides gateway access to a web browser. On the “external” (i.e., Internet-visible) side, which contains the web server, an index or table of CGIs corresponds to the actual CGIs that are to be available on the other side of a partition (or firewall). If the web browser has asked for a CGI in the table, the Reed system can call the CGI in the internal partition to retrieve application database information for a web browser on the Internet. Reed does not teach how to obtain HTML pages, data, or images using this method; instead he makes such data available in a “SYSLO” area to which the Web server has direct access.
It is important that the CGI definition be clarified here before we continue, since its functions and limitations provide much of the basis for the problems and the solutions described herein. A CGI, or Common Gateway Interface program, is an executable program (or script) that can obtain or generate a single object and return it to the calling entity. It supplies the middleware among World Wide Web servers, external databases, and other information sources. The CGI interface defines a method for the Web server to accommodate additional programs and services that may be used to access external applications from within the context of any active Web document. Working in tandem with HTTP server applications (httpd's), CGI applications can service requests made by web clients by accepting requests for services at the server's behest, handling those requests, and sending appropriate responses back to the client. A client HTTP request consists of a Uniform Resource Locator (URL), a request method, and other important information (like “environmental” variables) about the request provided by the server. The CGI specification at the present time is located at http://Hoohoo.ncsa.uiuc.edu/cgi/interface.html.
In the Reed, et al. reference (hereinafter just “Reed”), the web server in the external partition cannot communicate directly with the CGI applications, but has a plurality of outside CGI links to the CGI applications that are located in the inside compartment. In Reed, the Web server attempts to form a link to a gateway server program; if the link is accepted, the gateway server creates a new process that invokes the corresponding CGI and connects the HTTP data stream to that CGI application. Such a system may work well when one has a partitionable operating system, as is used in Reed, but it does not work well in systems with non-partitionable Operating Systems (OS's) or for systems using separate computers altogether for the inside and outside compartments. (Though the Reed patent states that Windows NT is partitionable, at the time of Reed's filing it was not, to the knowledge and belief of the inventors herein, although the UNIX version they were using was appropriately partitionable.) Further, because of the set-up procedures required for the Reed system, the dynamic flexibility that could otherwise be available is lost. Also in Reed, the images, data and other files in the SYSLO are retrieved by a different mechanism than the one described for invoking CGIs on the “Inside” partition.
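The CGI contract described above (request conveyed through a URL, a method and server-supplied environment variables; one object returned as a header block, a blank line and a body) and the table-gated invocation attributed to Reed are modelled together in the following added example. It is illustration written for this page, not code from the patent, from Reed, or from any of the products named. The handler `hello_cgi`, the table `CGI_TABLE`, the `gateway` dispatcher and the sample requests are all constructed and hypothetical; the meta-variable names in `CGI_VARS` are the standard CGI/1.1 ones. Two checks a practitioner would want are shown: a request for a name absent from the table is refused rather than passed inside, and only the defined CGI variables (not the server's whole process environment) are handed to the program.

```python
"""Minimal model of the CGI contract and of a table-gated CGI invocation.

Added example, not code from the patent or from the Reed system.  The
handler name, table contents and sample requests are constructed for
illustration; the CGI variable names are the standard CGI/1.1 ones.
"""
import html
from urllib.parse import parse_qs

# Standard CGI/1.1 request meta-variables.  Only these are handed to a CGI;
# the rest of the server's process environment never crosses the boundary.
CGI_VARS = {
    "REQUEST_METHOD", "QUERY_STRING", "CONTENT_LENGTH", "CONTENT_TYPE",
    "PATH_INFO", "SCRIPT_NAME", "REMOTE_ADDR", "SERVER_NAME",
    "SERVER_PORT", "SERVER_PROTOCOL",
}


def hello_cgi(environ: dict, stdin: bytes) -> bytes:
    """A CGI program (hypothetical).  It learns the request from its
    environment variables, reads a POST body from stdin, and returns one
    object: a header block, a blank line, then the body."""
    method = environ.get("REQUEST_METHOD", "GET")
    if method == "POST":
        # CONTENT_LENGTH bounds the body; read no more than that.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        params = parse_qs(stdin[:length].decode("utf-8", "replace"))
    else:
        params = parse_qs(environ.get("QUERY_STRING", ""))
    name = params.get("name", ["world"])[0]
    # Escape before reflecting: the CGI, not the gateway, owns output encoding.
    body = f"<html><body>Hello, {html.escape(name)}</body></html>"
    return b"Content-Type: text/html\r\n\r\n" + body.encode("utf-8")


# Constructed allow table: the name a browser may ask for -> the program
# that actually runs.  Anything absent from the table is never invoked.
CGI_TABLE = {"hello": hello_cgi}


def gateway(environ: dict, stdin: bytes) -> bytes:
    """Outside-side dispatch: map SCRIPT_NAME through the table, forward only
    the defined CGI variables, and pass the request stream to the CGI."""
    script = environ.get("SCRIPT_NAME", "").lstrip("/")
    handler = CGI_TABLE.get(script)
    if handler is None:
        # Unknown or path-like names (e.g. "../etc/passwd") fall out here.
        return (b"Status: 404 Not Found\r\n"
                b"Content-Type: text/plain\r\n\r\nno such CGI\n")
    forwarded = {k: v for k, v in environ.items() if k in CGI_VARS}
    return handler(forwarded, stdin)


def parse_response(raw: bytes) -> tuple[dict, bytes]:
    """Split a CGI response into its header dict and body, as the httpd does."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("ascii").split("\r\n"):
        key, _, value = line.partition(":")
        headers[key.strip()] = value.strip()
    return headers, body


if __name__ == "__main__":
    # Constructed request: a reflected parameter plus a stray server variable.
    env = {"SCRIPT_NAME": "/hello", "REQUEST_METHOD": "GET",
           "QUERY_STRING": "name=<b>x</b>", "HOME": "/root"}
    print(parse_response(gateway(env, b"")))
```

The table is the whole of the gateway's policy: the browser never names a program directly, only an entry, so adding or removing an application is a table edit rather than a change to the server. The stray `HOME` variable in the constructed request is dropped by the `CGI_VARS` filter, which is the kind of boundary discipline the separate-machine arrangement discussed later has to reproduce over a network link.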
Accordingly there is a need to provide a system for handling requests from Web servers securely that works well with separate computer systems for the inside and outside compartments. There is also a need to provide a system for handling various types of web object requests, including CGI requests, requests for HTML static files, downloadable data files, image files, and the like, securely in such systems. Also, alternatives to Reed are required, or may be desirable, that are more flexible and do not require the set-up procedures needed in a system like Reed's when applications are changed, whatever the system. Details of the problems inherent in other systems will be described in further depth as the description of the inventive features is set forth in the Detailed Description section below.
Although sufficient detail is provided herein to enable one of ordinary skill in these arts to be able to make and use the inventive concepts taught herein, additional background and fuller understanding of the art may be had with reference to some patent art including, for understanding concepts such as gateways and multilevel authentication, the U.S. Pat. No. 6,072,870 issued to Nguyen et al, and U.S. Pat. No. 6,067,023 to Blakley III et al. A process for detecting cookie data and other data (called trigger events in the reference) is described in U.S. Pat. No. 6,085,224 issued to Wagner. These three patents are incorporated herein in their respective entireties by this reference.
In general, particular restrictions on system configuration must be accommodated, such as a corporate security rule requiring that no database data, or no confidential data at all, be maintained on Internet-visible (i.e., “outside”) systems, or a rule disallowing passage of HTML transactions from the Internet to a server inside the corporate firewall, even if those transactions are proxied so as to shield the server system from direct Internet access. Under such rules, a Web application built using CGIs and referencing data deemed to be confidential must have its code co-located with its server outside the firewall, and its sensitive data inside. Applications designed for co-located code and data must undergo significant re-engineering to operate in this manner unless initially set up this way. Moreover, providing failure resiliency in this environment requires both the application and the data to reside on resilient platforms, greatly increasing the platform cost compared to co-locating the application with the data, because two resilient platforms must be provided instead of one. (Resiliency is a form of architecture that has no single point of failure. In most definitions it means there is fail-over capability. Redundant systems also provide resiliency but require or assume concurrent operations instead of employing a hot standby. Redundancy can be considered a form of resiliency.)
Attempting to overcome some or all of these difficulties, challenges, and limitations has led to the invention and its features described herein below.