WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Prevent security bypass

From: "David Cameron" <dcameron () itis-now com>
Date: Wed, 5 Feb 2003 09:50:15 +1100
They are the client so they control the client side code. Javascript, VBScript and any other client side solutions will 
only stop the casual browser, no more.

regards
David Cameron
nOw.b2b
dcameron () itis-now com


-----Original Message-----
From: Igor Guarisma [mailto:iguarism () yahoo com]
Sent: Wednesday, 5 February 2003 8:43 AM
To: 'webappsec () securityfocus com'
Subject: Re: Prevent security bypass


There might be a way if you use cookies and
JavaScripts


-----
Igor Guarisma
Universidad Centra de Venezuela
Facultad de Ciencias
EScuela de Computación


 --- Chris Neil <Chris.Neil () abs-ltd com> escribió: > I
am new to this mailing list and so hope this

conforms to the guidelines as
I read them.

How do people address the issue of non-authenticated
users requesting html
pages directly from a site without logging in?

FYI. This is an IIS server. Our asp pages check the
user is logged in, but
with html pages we cannot.
My only idea so far is to convert all our html pages
to asp. Is there
anything less drastic?


Chris Neil
  Security Officer
  Chris.Neil () abs-ltd com
-------------------------------------------
ABS 
  Tel:     +44 (0) 1993 771221
  Fax:    +44 (0) 1993 775081
-------------------------------------------
 


=====


_________________________________________________________
Do You Yahoo!?
Información de Estados Unidos y América Latina, en Yahoo! Noticias.
Visítanos en http://noticias.espanol.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: