RE: Global.asa security under IIS 6.0
From: Michael Howard (mikehow_at_microsoft.com)
Date: 06/09/04
- Previous message: H Carvey: "Re: USB delivered attacks - lessons learned/summary (so far)"
- Maybe in reply to: Bénoni MARTIN: "Global.asa security under IIS 6.0"
- Next in thread: Don Tuer: "RE: Global.asa security under IIS 6.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Jun 2004 10:09:28 -0700 To: Bénoni MARTIN <Benoni.MARTIN@libertis.ga>, <webappsec@securityfocus.com>, <pen-test@securityfocus.com>
Iis won't serve up global.asa to users, that said, you shouldn't store sensitive data in there either!
[Writing Secure Code 2nd Edition] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard
[Annual Security Training] http://mste/training/offerings.asp?offeringid=7142
-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN@libertis.ga]
Sent: Tuesday, June 08, 2004 1:18 AM
To: webappsec@securityfocus.com; pen-test@securityfocus.com
Subject: Global.asa security under IIS 6.0
Hi list !
I am wondering about how much secure is the "global.asa" file in ASP. It = seems that we can gather there most of the parameters used with our ASP = pages, but it can be also a weakness if a malicious guy gets access to = it !
So anyone one knows how secure is it to use global.asa, how can we get = it from a website (IIS refuses access to it with an = http://blahblahblah.com/global.asa)...and how can we avoid people = stealing if ?
Thanks in advance!
- Previous message: H Carvey: "Re: USB delivered attacks - lessons learned/summary (so far)"
- Maybe in reply to: Bénoni MARTIN: "Global.asa security under IIS 6.0"
- Next in thread: Don Tuer: "RE: Global.asa security under IIS 6.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
