WebApp Sec mailing list archives
Re: Control of cookies???
From: m.delibero () comcast net
Date: Wed, 28 Jan 2004 15:20:59 +0000
He can't use .htaccess because IIS doesn't support that. There are a few ways; however, the most secure way was already mentioned, where you have the documents off of the web document root and request them through a page. Another way is, if only a certain set of users will be accessing these documents, you could set up NTLM for that folder and allow only these users access to that folder. You could also set up a login and then from there either save the authenticated information in a cookie or a session; this is also probably the easiest to implement insecurely, though.

Thanks,
Mike

On Wednesday 28 January 2004 14:03, Marcelo Caffaro wrote:

> Hello Guys, can anyone help me by sending ideas, solutions or samples to manage the session of one website? For example, I have one site (IIS) and below this structure of site I have the folder named docs, but if I put the complete URL of the website document, everyone can see my document. I need to create one method to authenticate my user. I don't know if cookie control is the best solution, but I need to arrest the user, IP and cookie to control the user access; if the user is not authenticated, the user cannot see the documents. Can anyone help me? Sorry for my English.

I've understood you, that not everybody should have access to your document folder, is that right? Why don't you use htaccess?
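
The approach the reply calls most secure (documents kept off the web document root and requested through a page) is sketched below as an added example; it is not part of the original messages and is written in Python rather than for IIS. The directory, user names, and function names are assumptions made for illustration, and the signed cookie stands in for whatever session mechanism the site uses.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

# Assumption: a directory outside the web root; a temp dir stands in for it here.
DOCS_DIR = Path(tempfile.mkdtemp(prefix="private_docs_")).resolve()
(DOCS_DIR / "report.txt").write_bytes(b"constructed sample document\n")

SECRET = os.urandom(32)   # server-side key; never sent to the client
AUTHORIZED = {"alice"}    # hypothetical users allowed to read the documents


def _mac(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user):
    """Called after a successful login: the cookie carries the name plus a MAC."""
    return f"{user}.{_mac(user)}"


def user_from_cookie(cookie):
    """Return the user name only if the MAC verifies; a forged cookie yields None."""
    user, _, mac = (cookie or "").rpartition(".")
    if user and hmac.compare_digest(mac.encode(), _mac(user).encode()):
        return user
    return None


def serve_document(cookie, name):
    """The 'page' every document request goes through. Returns (status, body)."""
    user = user_from_cookie(cookie)
    if user is None:
        return 401, b""                      # not logged in, or cookie tampered with
    if user not in AUTHORIZED:
        return 403, b""                      # logged in, but not allowed
    target = (DOCS_DIR / name).resolve()     # collapses ../ and absolute names
    if DOCS_DIR not in target.parents or not target.is_file():
        return 404, b""                      # outside the docs dir, or missing
    return 200, target.read_bytes()
```

Because the files have no URL of their own, the check in `serve_document` cannot be skipped by typing the document's full address.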