WebApp Sec mailing list archives
Re: Prevent security bypass
From: Adrian Wiesmann <awiesmann () swordlord org>
Date: Tue, 4 Feb 2003 20:55:25 +0100
you could convert your webserver into an apache and then use .htaccess-files to protect whole directory-trees. this may somehow seem to be a drastic solution, but in fact it's not. ;-) SCNR...
This is at least what Gartner said, isn't it? :)

Anyway. Why don't you use the built-in NT Authentication within IIS? (Are your users NT users or checked by your own user/password set?) You could also tell IIS to parse your HTML as if it were ASP and then just add your ASP code to those files as an include for minimal work. There would also be the possibility to add a wrapper around the direct HTML access in ASP, so your HTML files get read by an ASP file and get only forwarded to the client after successful authentication. There are most surely also other possibilities, but you would need to provide further details.

Regards,
Adrian
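
The wrapper approach mentioned in the message above, sketched in classic ASP (VBScript) as an added example that is not part of the original post. The file name `serve.asp`, the `Session("authenticated")` flag, the `page` query parameter, `login.asp` and the `D:\protected_html\` folder are all assumptions; the sketch also assumes the HTML files have been moved out of the web root, since a wrapper protects nothing while IIS can still serve the files directly.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' serve.asp (hypothetical name): gatekeeper in front of static HTML pages.
' Assumptions: login.asp sets Session("authenticated") = True after a
' successful login, and the pages live in PROTECTED_ROOT, a folder
' OUTSIDE the web root (placeholder path) so IIS cannot serve them itself.
Const PROTECTED_ROOT = "D:\protected_html\"

Dim fso, re, page, fullPath, stream

' 1. Authentication comes first; nothing is read from disk before it.
If Session("authenticated") <> True Then
    Response.Redirect "login.asp"
    Response.End
End If

' 2. Accept only a bare file name such as "manual.html". Slashes,
'    backslashes, "..", drive letters and NUL bytes never match.
page = "" & Request.QueryString("page")
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9_-]+\.html?$"
re.IgnoreCase = True
If Not re.Test(page) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' 3. Defense in depth: resolve the path and confirm that it is still
'    inside PROTECTED_ROOT and that the file exists.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
fullPath = fso.GetAbsolutePathName(fso.BuildPath(PROTECTED_ROOT, page))
If LCase(Left(fullPath, Len(PROTECTED_ROOT))) <> LCase(PROTECTED_ROOT) _
   Or Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' 4. Forward the page to the authenticated client and mark the response
'    as already expired so caches do not keep a copy.
Response.ContentType = "text/html"
Response.Expires = -1
Set stream = fso.OpenTextFile(fullPath, 1)   ' 1 = ForReading
Response.Write stream.ReadAll
stream.Close
%>
```

A request such as `serve.asp?page=manual.html` returns the page only to a logged-in session; the same file requested by its old direct URL should now return 404 because it no longer sits under the web root.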