With a commercially available web browser, a user can obtain information, such as a document or records from a database, from a web server over the Internet. The web server can access documents directly, or it can access a database through a common gateway interface (CGI) program. When the web server requests data from the database in response to the user's request, a CGI program is executed to create a query to the database, to format results from the database in HyperText Markup Language (HTML), and to provide the results to the web server for transmission to the user.
To access the database during a succession of requests, the web server creates and executes a separate local CGI program for each request. Each process opens the database, retrieves data specific to the request, and closes the database. Between requests, the web server does not preserve any state information. Consequently, any subsequent request for information from the database requires that a subsequent CGI process perform the same steps, i.e., open the database, retrieve data, and close the database. Such execution of successive programs for successive requests to access the database is computationally inefficient.
Communications between the web browser and the web server are typically made according to the HyperText Transfer Protocol (HTTP). A concern with such transfers of information is that HTTP is generally not secure. With a commercially available "packet sniffer," an intruder can intercept packets transmitted over the Internet. To provide additional security, public-key authentication and encryption can be added to HTTP. Authentication refers to a mechanism by which the transacting parties prove they are who they claim to be; encryption refers to the altering of data so that it cannot be easily read or modified if intercepted. Such systems, however, do not provide authorization, i.e., the restriction of access to data based on a user's identity.
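An added example, not part of the original text, of the two points above: each stateless request opens, queries and closes the database on its own, and verifying who sent a request does not decide what that sender may read. The HMAC keys (a standard-library stand-in for public-key authentication), the ACL table, the records and all function names are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data. Shared HMAC keys stand in for the public-key
# credentials the text mentions; the ACL is a hypothetical policy.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
ACL = {"alice": {"payroll", "roadmap"}, "bob": {"roadmap"}}
RECORDS = [("payroll", "salary table"), ("roadmap", "Q3 plan")]


def _msg(user, doc):
    # Length prefix keeps the (user, doc) encoding unambiguous.
    return f"{len(user)}:{user}:{doc}".encode()


def sign(user, doc):
    """Client side: tag a request so the server can verify who sent it."""
    return hmac.new(USER_KEYS[user], _msg(user, doc), hashlib.sha256).hexdigest()


def authenticate(user, doc, tag):
    """Proves the sender holds the key for `user`; says nothing about rights."""
    key = USER_KEYS.get(user)
    if key is None:
        return False
    expected = hmac.new(key, _msg(user, doc), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def cgi_request(user, doc, tag, enforce_acl):
    """One stateless CGI-style request: open database, retrieve, close."""
    if not authenticate(user, doc, tag):
        return "401 not authenticated"
    if enforce_acl and doc not in ACL.get(user, set()):
        return "403 not authorized"
    db = sqlite3.connect(":memory:")  # opened anew for every request
    try:
        db.execute("CREATE TABLE docs (name TEXT PRIMARY KEY, body TEXT)")
        db.executemany("INSERT INTO docs VALUES (?, ?)", RECORDS)
        row = db.execute("SELECT body FROM docs WHERE name = ?", (doc,)).fetchone()
    finally:
        db.close()  # no state survives to the next request
    return row[0] if row else "404 not found"


if __name__ == "__main__":
    tag = sign("bob", "payroll")
    print(cgi_request("bob", "payroll", tag, enforce_acl=False))
    print(cgi_request("bob", "payroll", tag, enforce_acl=True))
```

With `enforce_acl=False` the handler models authentication alone: bob's correctly signed request for `payroll` is served even though the policy grants him only `roadmap`.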
To provide more security functions, the web browser and web server can use the Distributed Computing Environment (DCE) from the Open Software Foundation (OSF) of Cambridge, Mass. With a DCE-based system, requests from the web browser are provided to a secure local proxy (SLP), which tunnels the requests to a DCE-aware web server via DCE Remote Procedure Call (RPC). Security based on RPC communications enables authorization in addition to other security features.