RE: Prevent security bypass

It depends how secure you want it as a lot of people have said but I would personally go for what you suggested as bar the v.expensive suggestions or the ones relying on being on the same NT network you arent going to get anything very secure. We have a secuirty script called on each secure page. The overhead doesnt seem that bad tbh.

Adam

-----Original Message-----
From: Chris Neil [mailto:Chris.Neil@abs-ltd.com] Sent: 04 February 2003 17:00
To: 'webappsec@securityfocus.com'
Subject: Prevent security bypass

I am new to this mailing list and so hope this conforms to the guidelines as I read them.

How do people address the issue of non-authenticated users requesting html pages directly from a site without logging in?

FYI. This is an IIS server. Our asp pages check the user is logged in, but with html pages we cannot.
My only idea so far is to convert all our html pages to asp. Is there anything less drastic?

Chris Neil
  Security Officer
  Chris.Neil@abs-ltd.com

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek