| 摘要 |
<p>The invention relates to configuring security settings in an access control system. An access configurator 10 requests changes to access settings in a security database 11 under the authority of a user of terminal 12. The access configurator provides a user interface, preferably in the form of web pages, for receiving input from the user of the terminal. The user requests changes to the security settings in the database via the user interface and the access configurator then passes the request to an access controller 13. The access configurator also passes user authority information to the access controller, e.g. by forwarding user credentials entered into the user interface, or by passing challenge/response information between the controller and the user terminal. The controller verifies the request before making changes to the security database. The software running on the access configurator does not run under an authority that would allow it to make changes in the database. Instead the software requests changes under the authority of the user requesting the change. As a result, if the software is compromised by a hacker the hacker would not be able to exploit the software to make changes in the database. The requests may be in accordance with LDAP (Lightweight Directory Access Protocol).</p> |
