Re: asp/xml security problem in IIS
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/04/02
- Next message: Karl Levinson [x y] mvp: "Re: Syn Attacks: Metabase entries (w3svc/ServerListenBacklog) & Backlog parameters"
- Previous message: Karl Levinson [x y] mvp: "Re: It seems I got hacked"
- In reply to: jt: "asp/xml security problem in IIS"
- Next in thread: Thomas Deml [Msft]: "Re: asp/xml security problem in IIS"
- Reply: Thomas Deml [Msft]: "Re: asp/xml security problem in IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Wed, 4 Dec 2002 11:50:35 -0500
"jt" <jtingres@comcast.net> wrote in message
news:tuSdnURaafHOq3GgXTWcpg@comcast.com...
> We have an asp page that uses xml to get information from another
database.
> The problem is since we did some microsoft updates, only administrators on
> the box can see the webpage. All other users on the domain can not see the
> page the xml fails. IUSR has the proper rights on the folder and we have
> lowiis and anoymous checked. Can anyone think of what the problem could
be.
> Thanks
Well, I suppose you could enable auditing on the web server and/or database
server. It could be that the account you think is being used is not the one
being used. As you may know, if the folder containing the .ASP script is
set to Medium or High "Application Isolation" in the IIS MMC, then the
IWAM_computername account is being used instead of IUSR.
More info:
http://securityadmin.info/faq.htm#auditing
http://securityadmin.info/faq.htm#iwam
Or, it could be that the password for the IUSR account [or whichever account
is used to access the database] has changed either on the web server because
the IIS MMC is set to control the password, or on the SQL server because a
SQL or other patch was installed. This would probably be apparrent after
you enable auditing. You could confirm whether this is the case by trying
to log into windows on the web server using the IUSR account and the
password you think is assigned to the IUSR account, or by using the
ADSUTIL.VBS command to retrieve or set the password for the IUSR or IWAM
account in the IIS metabase. More information on using ADSUTIL can be found
by searching www.microsoft.com/support for the word ADSUTIL.
- Next message: Karl Levinson [x y] mvp: "Re: Syn Attacks: Metabase entries (w3svc/ServerListenBacklog) & Backlog parameters"
- Previous message: Karl Levinson [x y] mvp: "Re: It seems I got hacked"
- In reply to: jt: "asp/xml security problem in IIS"
- Next in thread: Thomas Deml [Msft]: "Re: asp/xml security problem in IIS"
- Reply: Thomas Deml [Msft]: "Re: asp/xml security problem in IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
