WebApp Sec mailing list archives

Re: Prevent security bypass


From: Ken Rachynski <krachyn () telusplanet net>
Date: Tue, 4 Feb 2003 14:43:46 -0700

Quoting Chris Neil <Chris.Neil () abs-ltd com>:

FYI. This is an IIS server. Our asp pages check the user is logged in, but
with html pages we cannot.
My only idea so far is to convert all our html pages to asp. Is there
anything less drastic?

My gut reaction to this is to keep the pages on an NTFS drive and lock them
down at that level.  This, however, relies on the users being in the SAM
database and authenticating to that.  The sites I am familiar with used this
method so I'm not sure about other means of authentication.

-- 
Ken Rachynski <krachyn () telusplanet net>
jid:krachyn () jabber tanga dyndns org [http://www.jabber.org/]
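
The NTFS lock-down suggested in the reply above, sketched in current PowerShell as an added example that is not part of the original message or thread. The folder path and group name are hypothetical, and it assumes the IIS site has Basic or Integrated Windows authentication enabled, so that a request the anonymous web account cannot read is answered with a 401 challenge instead of the page.

```powershell
# Assumed values (not from the thread): adjust to the real site.
$ProtectedDir = 'D:\Sites\Example\members'   # hypothetical folder holding the static .html pages
$AllowedGroup = 'WEB01\SiteMembers'          # hypothetical local (SAM) group of permitted users

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -Path $ProtectedDir

# Stop inheriting from the parent and drop the inherited entries, so a broad
# grant higher up (Everyone, Users, the anonymous web account) no longer applies.
$acl.SetAccessRuleProtection($true, $false)

# Remove explicit entries set directly on the folder, so nothing stale survives.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# Re-grant only what is needed: administrators, the system, and the permitted group.
$grants = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = $AllowedGroup;            Rights = 'ReadAndExecute' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $g.Id, $g.Rights, $inherit, $propagate, $allow
    $acl.AddAccessRule($rule)
}

Set-Acl -Path $ProtectedDir -AclObject $acl

# List the resulting entries: only the three identities above should appear,
# all with IsInherited = False.
(Get-Acl -Path $ProtectedDir).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

After applying it, request one of the .html pages without credentials and confirm the server returns 401 rather than the content.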
