Hosting Provided By

Re: Prevent security bypass

From: Chris Travers <chris(at)travelamericas.com>
Date: Tue Feb 04 2003 - 15:07:07 EST

To do this in IIS:

Set authentication options in IIS nto to allow anonymous.
Assign appropriate NTFS permissions on directories.

Exact steps will vary with IIS version.

I too prefer Apache. But IIS is capable of doing this.

Best Wishes,
Chris Travers
----- Original Message -----
From: "Ulrich P." <spam@wir-sind.org>
To: "Chris Neil" <Chris.Neil@abs-ltd.com> Cc: <webappsec@securityfocus.com>
Sent: Tuesday, February 04, 2003 9:33 AM Subject: Re: Prevent security bypass

>
> you could convert your webserver into an apache and then use
guidelines as
> > I read them.
> >
> > How do people address the issue of non-authenticated users requesting
html
> > pages directly from a site without logging in?
> >
> > FYI. This is an IIS server. Our asp pages check the user is logged in,
but
> > with html pages we cannot.
> > My only idea so far is to convert all our html pages to asp. Is there
> > anything less drastic?
> >
> >
> > Chris Neil
> > Security Officer
> > Chris.Neil@abs-ltd.com
> > -------------------------------------------
Received on Tue Feb 4 17:02:24 2003

This message: [ Message body ]
Next message: Ken Rachynski: "Re: Prevent security bypass"
In reply to Ulrich P.: "Re: Prevent security bypass"
Next in thread: c3rb3r: "Re: Prevent security bypass"
Reply: Ken Rachynski: "Re: Prevent security bypass"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:48 EDT