WebApp Sec mailing list archives
RE: Apache VS IIS Securiyt model question
From: "Dinis Cruz" <dinis () ddplus net>
Date: Tue, 14 Sep 2004 00:40:11 +0100
Please note that these security settings will only be relevant (in IIS) in a Partially Trusted Website (i.e. the Asp.Net code is NOT running with Full Trust). If the code is running with Full Trust, then most likely those security permissions will be easily bypassed. Dinis Cruz .Net Security Consultant DDPlus
-----Original Message----- From: mthompson [mailto:mthompson () brinkster com] Sent: 11 September 2004 01:56 To: webappsec () securityfocus com; pen-test () securityfocus com Subject: Apache VS IIS Securiyt model question Hello, I am doing research and I am stuck. Pitch: In IIS there is the ability to set permissions on a per website basis. In other words the ability to limit access to files and directories based on the users credentials that the website is running under. Additionally, you would in turn add this user to a group and apply group permissions to an object that needed to be accessed by more than one site. Question: Is there a similar security model for apache that would allow credentials from a user to run a virtual website and access files only for a specific virtual site. Also, does any one have a diagram of the apache process? Thanks, Mike
Current thread:
- Apache VS IIS Securiyt model question mthompson (Sep 11)
- Re: Apache VS IIS Securiyt model question exon (Sep 12)
- RE: Apache VS IIS Securiyt model question Dinis Cruz (Sep 13)
- Re: Apache VS IIS Securiyt model question Ivan Ristic (Sep 13)
- Re: Apache VS IIS Securiyt model question Alexander Morozov (Sep 13)
- <Possible follow-ups>
- RE: Apache VS IIS Securiyt model question Ken Schaefer (Sep 15)
- (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question Dinis Cruz (Sep 15)