WebApp Sec mailing list archives
RE: Prevent security bypass
From: "Vinny Bedus" <vbedus () BitChangers com>
Date: Tue, 4 Feb 2003 19:13:57 -0500
Chris,

You could create an ISAPI filter that would do the trick. You basically could have the ISAPI filter check for the existence of some authentication cookie, etc. There may already be existing ones out there as well. You could also use Site Server's authentication component, or commerce server should be able to do the trick (both very expensive solutions).

Hope it helps.

Vinny Bedus
http://www.BitChangers.com/

-----Original Message-----
From: David Cameron [mailto:dcameron () itis-now com]
Sent: Tuesday, February 04, 2003 5:50 PM
To: webappsec () securityfocus com
Subject: RE: Prevent security bypass

They are the client so they control the client side code. Javascript, VBScript and any other client side solutions will only stop the casual browser, no more.

regards
David Cameron
nOw.b2b
dcameron () itis-now com

-----Original Message-----
From: Igor Guarisma [mailto:iguarism () yahoo com]
Sent: Wednesday, 5 February 2003 8:43 AM
To: 'webappsec () securityfocus com'
Subject: Re: Prevent security bypass

There might be a way if you use cookies and JavaScripts

-----
Igor Guarisma
Universidad Central de Venezuela
Facultad de Ciencias
Escuela de Computación

--- Chris Neil <Chris.Neil () abs-ltd com> wrote:
> I am new to this mailing list and so hope this conforms to the guidelines as I read them.
>
> How do people address the issue of non-authenticated users requesting html pages directly from a site without logging in?
>
> FYI. This is an IIS server. Our asp pages check the user is logged in, but with html pages we cannot. My only idea so far is to convert all our html pages to asp. Is there anything less drastic?
>
> Chris Neil
> Security Officer
> Chris.Neil () abs-ltd com
> -------------------------------------------
> ABS
> Tel: +44 (0) 1993 771221
> Fax: +44 (0) 1993 775081
> -------------------------------------------
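
Added example, not part of the original thread or any poster's code: a Python sketch of the server-side decision a request filter would make for every URL, static .html included, before any file is read. It is not an ISAPI filter; the cookie name, secret, public path list and the `user|expiry|HMAC` cookie format are assumptions, and it checks that the cookie is authentic rather than merely present.

```python
import hashlib
import hmac
import posixpath
from urllib.parse import unquote, urlsplit

SECRET = b"constructed-demo-key"   # assumption: secret known only to the server
COOKIE_NAME = "auth"               # hypothetical cookie name
PUBLIC_PATHS = {"/login.asp"}      # hypothetical pages reachable without login

def _mac(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user, expires, key=SECRET):
    """Value the login page would set: user|expiry|HMAC-SHA256(user|expiry)."""
    body = f"{user}|{int(expires)}"
    return f"{body}|{_mac(body, key)}"

def cookie_is_valid(value, now, key=SECRET):
    """Accept only an unexpired cookie whose MAC was made with the server key."""
    parts = value.split("|")
    if len(parts) != 3:
        return False
    user, expires, mac = parts
    expected = _mac(f"{user}|{expires}", key)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    return int(expires) > now      # safe: the MAC proves the server wrote it

def read_cookie(header, name):
    """Pull one cookie value out of a raw Cookie request header."""
    for pair in (header or "").split(";"):
        key, _, value = pair.strip().partition("=")
        if key == name:
            return value
    return None

def gate(request_target, cookie_header, now):
    """Decide, before any file is read, whether the request may be served."""
    # Normalise first so "/login.asp/../reports/q1.html" cannot pose as public.
    raw = unquote(urlsplit(request_target).path).replace("\\", "/")
    path = posixpath.normpath(raw).lower()
    if path in PUBLIC_PATHS:
        return "serve"
    value = read_cookie(cookie_header, COOKIE_NAME)
    # Default deny: .html, .asp, images, anything else all need a valid cookie.
    if value is None or not cookie_is_valid(value, now):
        return "redirect-to-login"
    return "serve"
```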