Re: ASP trouble with IIS 6.0 security

From: K. K. Mookhey (cto_at_nii.co.in)
Date: 04/30/04

  • Next message: Adnan Ali: "RE: What does this mean?" 
    To: "aruna" <arunah@slt.lk>, <security-basics@securityfocus.com>
Date: Fri, 30 Apr 2004 11:32:42 +0530

    You'd probably want to use ChiliSoft from Sun, although parts of the ASP
    code do need to be re-written.
    http://wwws.sun.com/software/chilisoft/

    Not sure if any special security concerns would arise by running ASP on
    Unix, vs. the regular issues to be dealt with when running ASP on Windows or
    Perl on Unix.

    Cheers,

    KK
    ----- Original Message -----
    From: "aruna" <arunah@slt.lk>
    To: "Kinyon, Rob" <Rob.Kinyon@progressive-medical.com>; "Bénoni MARTIN"
    <Benoni.MARTIN@libertis.ga>; <security-basics@securityfocus.com>
    Sent: Thursday, April 29, 2004 12:01 PM
    Subject: Re: ASP trouble with IIS 6.0 security

    > Hello All,
    >
    > Is there any method/modules needed to run ASP applications on Apache over
    a
    > UNIX box.
    > We are currently running a UNIX based shared Hosting server with Perl and
    > PHP support , but customers ask
    > to run ASP applications as well.
    > Are there any security risks involved ?
    > Appreciate for any help.
    >

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Adnan Ali: "RE: What does this mean?"

    Relevant Pages

    • Re: File Upload - Security Issues
      ... You want to upload a file for what reason and you do ... file and what pitfalls you see re: security might be helpful on this end?! ... files to an IIS server that doesn't have MS Office actually installed? ... 2* Upon submit this is submitted to an ASP page that then (using the XML ...
      (microsoft.public.scripting.vbscript)
    • AW: ASP Dot Net Security Guidelines
      ... Betreff: Re: ASP Dot Net Security Guidelines ... Basically you'll treat an asp.net application server as you would an asp ... > to set the permissions as it brings up access denied errors on the ...
      (Focus-Microsoft)
    • Re: VB Component debugging as anonymous access
      ... formatting the date on the LCID 1046 as dd/mm/yyyy, ... behavior both in ASP and in my component, ... security on the Web Server, ... Thats why I need the debugger ...
      (microsoft.public.inetserver.asp.components)
    • RE: passwords in asp pages
      ... > I am new to security and I have no training in asp programming, ... > server and the user does not see them, and there do not seem to be any ... vulnerability is 0day; unknown to vendors, ...
      (Security-Basics)
    • Re: Security Scan on IIS shows files and folders
      ... > Recently our comapny had a Professional Security Scan done one of our ... I recommend checking your IIS web logs. ... who can guess the name of the files and folders can view them. ... to .Old or .Bak is a serious problem as the attacker gets to see your .ASP ...
      (microsoft.public.inetserver.iis.security)