Re: Prevent security bypass

["Ulrich P." <spam () wir-sind org>]

you could convert your webserver into an apache and then use 
.htaccess-files to protect whole directory-trees.
this may somehow seem to be a drastic solution, but in fact it's not. ;-)
SCNR...

no, to be seriuos. I'm not used to IIS, but there should also be a 
simple method to do http-authentication and directory protection.

as I can't provide you with details, I would recommend you a quick 
google-search on that topic. that should help.

or someone else wants to describe it to us...? (got nearly curious now, 
I admit...)

best regards,

ulrich



Chris Neil wrote:
> I am new to this mailing list and so hope this conforms to the guidelines as
> I read them.
>
> How do people address the issue of non-authenticated users requesting html
> pages directly from a site without logging in?
>
> FYI. This is an IIS server. Our asp pages check the user is logged in, but
> with html pages we cannot.
> My only idea so far is to convert all our html pages to asp. Is there
> anything less drastic?
>
>
> Chris Neil
>   Security Officer
>   Chris.Neil () abs-ltd com
> -------------------------------------------
> ABS 
>   Tel:     +44 (0) 1993 771221
>   Fax:    +44 (0) 1993 775081
> -------------------------------------------
>
>
> .