
Re: Prevent security bypass

From: sunzi <sunzi(at)mod-x.co.uk>
Date: Fri Feb 07 2003 - 20:18:40 EST

IMHO the answer is quite simple ....

CAVEAT: 'converting' from HTML to ASP doesn't necessarily mean changing <p>text</p> to response.write("<p>text</p>").

Convert (rename each 'html' page) to ASP and use a standard include file <!-- #include virtual="/scripts/secure.inc" --> which provides the authentication routine.

I know I'm going to catch sh!t here cause I used .inc, but you can easily mitigate this by turning off read access in IIS to directories that only hold files included by other files (such as /scripts/)

hth,
sunzi

----- Original Message -----
From: "Chris Neil" <Chris.Neil@abs-ltd.com>
To: <webappsec@securityfocus.com>
Sent: Tuesday, February 04, 2003 11:59 AM
Subject: Prevent security bypass

> I am new to this mailing list and so hope this conforms to the guidelines as
> I read them.
Received on Fri Feb 7 20:27:54 2003
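
The include-file approach described in the message above, as an added example that is not part of the original post: a `/scripts/secure.inc` that refuses to render a page without an authenticated session, followed by a renamed page that pulls it in. The session key `AuthUser`, the `/login.asp` path, the `returnto` parameter and the page name `members.asp` are assumptions chosen for illustration.

```asp
<%
' ---- /scripts/secure.inc (constructed example) ----
' Assumption: a hypothetical /login.asp sets Session("AuthUser") after a
' successful login. Neither name comes from the original post.

' Buffer output so nothing reaches the client before the check completes,
' and keep protected content out of browser and proxy caches.
Response.Buffer = True
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

Dim secReturnTo
If Len(Session("AuthUser") & "") = 0 Then
    ' SCRIPT_NAME is the virtual path of the requested page (the include is
    ' merged into it), so the return target always starts with a local path.
    secReturnTo = Request.ServerVariables("SCRIPT_NAME")
    If Len(Request.ServerVariables("QUERY_STRING")) > 0 Then
        secReturnTo = secReturnTo & "?" & Request.ServerVariables("QUERY_STRING")
    End If

    Response.Clear
    Response.Redirect "/login.asp?returnto=" & Server.URLEncode(secReturnTo)
    ' Redirect already stops page processing; End is kept as an explicit stop
    ' so no protected markup below the include can ever be emitted.
    Response.End
End If
%>

<%' ---- /members.asp (formerly members.html; hypothetical page name) ---- %>
<!-- #include virtual="/scripts/secure.inc" -->
<html>
<body>
<p>text</p>
</body>
</html>
```

The static markup stays as plain HTML, matching the caveat in the message; only the include directive on the first line is new. With read access turned off for `/scripts/` in IIS, as the message suggests, a direct request for `secure.inc` is refused while the server-side include still resolves.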

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:48 EDT
