Re: Flat text based security issue

From: Thomas Deml [MS] (thomad@online.microsoft.com)
Date: 10/17/02

Next message: Thomas Deml [MS]: "Re: No administerable Services found"
Previous message: Thomas Deml [MS]: "Re: ASP Global.asa HELP"
In reply to: Tim P.: "Flat text based security issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Thomas Deml [MS]" <thomad@online.microsoft.com>
Date: Wed, 16 Oct 2002 22:47:04 -0700

Why don't you store the file outside the URL space where no browser can
access it.

You should also find out who needs access to the file. Lock it down so that
only the identity has access.
To do that turn on auditing and see under what identity Oracle (or the
third-party tool) accesses the file:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windows2000serv/deploy/confeat/13w2kadc.asp

Hope this helps.

--
Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.
If
"Tim P." <tplaswirth@hotmail.com> wrote in message
news:34c101c27485$2cd4c850$3bef2ecf@TKMSFTNGXA10...
> Hello all,
>
> I have a third party site built for my company.  With this
> is a third party program that communicates via ODBC to our
> Oracle dB.  Thus data passes back and forth.  I have my
> IIS server out in our DMZ where it belongs.  But I had to
> shut it down to work on this one issue.
>
> I have a flat text file that contains some settings for
> the Oracle connectivity.  In this file contains the ID and
> Password for our production Oracle server.  I can't
> believe this company wrote that without any encryption.
> Well alas, the business unit wants it working.  Yet they
> are giving me time to work out my security woes.  Can
> anyone assist me with any ideas?  I have tried obscurity
> but that does not work.  I changed the file name and put
> it in another folder.  But if you view the source of the
> website it will give you that path no matter what.
>
> Again any help is greatly appreciated!
> Thanks in advance,
> Tim
>

Next message: Thomas Deml [MS]: "Re: No administerable Services found"
Previous message: Thomas Deml [MS]: "Re: ASP Global.asa HELP"
In reply to: Tim P.: "Flat text based security issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Flat text based security issue
... I assume you want a more secure way of storing the logon credentials: ... > I have a third party site built for my company. ... > the Oracle connectivity. ... > Password for our production Oracle server. ...
(microsoft.public.inetserver.iis.security)
Flat text based security issue
... I have a third party site built for my company. ... is a third party program that communicates via ODBC to our ... the Oracle connectivity. ... Password for our production Oracle server. ...
(microsoft.public.inetserver.iis.security)
Re: Need to replace E220 and still run Sol 9
... Oracle database and VCS run on Solaris 10 just fine. ... Do I need a Sun array or some 3rd party will work as ... The problem with third party is support. ...
(comp.unix.solaris)
Re: connection string format
... how do you plan to access the Oracle service? ... ODBC driver? ... From MS or Oracle or a third party? ... Connection String for what database technology? ...
(microsoft.public.data.ado)