WebApp Sec mailing list archives

Re: Prevent security bypass

From: Kalyan Varma <kalyan () yahoo-inc com>
Date: Wed, 5 Feb 2003 04:28:45 +0530 (IST)


you could issue a cookie, and then write an ISAPI filter to validate each
request as it comes in.

- kalyan

On Tue, 4 Feb 2003, Chris Neil wrote:

I am new to this mailing list and so hope this conforms to the guidelines as
I read them.

How do people address the issue of non-authenticated users requesting html
pages directly from a site without logging in?

FYI. This is an IIS server. Our asp pages check the user is logged in, but
with html pages we cannot.
My only idea so far is to convert all our html pages to asp. Is there
anything less drastic?


Chris Neil
  Security Officer
  Chris.Neil () abs-ltd com
-------------------------------------------
ABS
  Tel:     +44 (0) 1993 771221
  Fax:    +44 (0) 1993 775081
-------------------------------------------

Current thread:

Prevent security bypass Chris Neil (Feb 04)
- Re: Prevent security bypass Kalyan Varma (Feb 04)
- Re: Prevent security bypass Igor Guarisma (Feb 05)
- RE: Prevent security bypass Adam (Feb 05)
  - Re: Prevent security bypass Chris Travers (Feb 06)
    - RE: Prevent security bypass Adam (Feb 06)
    - RE: Prevent security bypass Larry Seltzer (Feb 06)
    - Re: Prevent security bypass Chris Travers (Feb 06)
- Re: Prevent security bypass Ulrich P. (Feb 05)
  - Re: Prevent security bypass Chris Travers (Feb 04)
  - Re: Prevent security bypass c3rb3r (Feb 04)
  - Re: Prevent security bypass Adrian Wiesmann (Feb 04)

(Thread continues...)