WebApp Sec mailing list archives
Re: Prevent security bypass
From: Ken Rachynski <krachyn () telusplanet net>
Date: Tue, 4 Feb 2003 14:43:46 -0700
Quoting Chris Neil <Chris.Neil () abs-ltd com>:
FYI. This is an IIS server. Our asp pages check the user is logged in, but with html pages we cannot. My only idea so far is to convert all our html pages to asp. Is there anything less drastic?
My gut reaction to this is to keep the pages on an NTFS drive and lock them down at that level. This, however, relies on the users being in the SAM database and authenticating to that. The sites I am familiar with used this method so I'm not sure about other means of authentication. -- Ken Rachynski <krachyn () telusplanet net> jid:krachyn () jabber tanga dyndns org [http://www.jabber.org/] ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/
Current thread:
- RE: Prevent security bypass, (continued)
- RE: Prevent security bypass Larry Seltzer (Feb 06)
- Re: Prevent security bypass Chris Travers (Feb 06)
- Re: Prevent security bypass Ulrich P. (Feb 05)
- Re: Prevent security bypass Chris Travers (Feb 04)
- Re: Prevent security bypass c3rb3r (Feb 04)
- Re: Prevent security bypass Adrian Wiesmann (Feb 04)
- Re: Prevent security bypass sunzi (Feb 07)
- Re: Prevent security bypass Ernie Nelson (Feb 07)
- HTTP Header and POST Data Exploitation Rahul Chander Kashyap (Feb 08)
- RE: HTTP Header and POST Data Exploitation Indian Tiger (Feb 09)
- Re: Prevent security bypass Ernie Nelson (Feb 07)
- Re: Prevent security bypass Ken Rachynski (Feb 04)
- RE: Prevent security bypass David Cameron (Feb 04)
- RE: Prevent security bypass Vinny Bedus (Feb 05)
- Re: Prevent security bypass Chris Travers (Feb 05)
- RE: Prevent security bypass Vinny Bedus (Feb 05)
- RE: Prevent security bypass Logan F.D. Greenlee (Feb 05)
- RE: Prevent security bypass Kim Christiansen (Feb 05)
- RE: Prevent security bypass Mark Mcdonald (Feb 05)
- Re[2]: Prevent security bypass M. Austin Hill (Feb 05)
- RE: Prevent security bypass TUER, DON (Feb 06)
- Re: Prevent security bypass Alex Russell (Feb 06)
- Re: Prevent security bypass Adrian Wiesmann (Feb 06)