Re: Security: Preventing direct access to a PDF file
From: s_m_b (smb20002ns_at_hotmail.com)
Date: 06/23/03
- Next message: Marcus Crowley: "Re: Intermittent access to web site secured with Windows authentication"
- Previous message: CJM: "Security: Preventing direct access to a PDF file"
- In reply to: CJM: "Security: Preventing direct access to a PDF file"
- Next in thread: CJM: "Re: Security: Preventing direct access to a PDF file"
- Reply: CJM: "Re: Security: Preventing direct access to a PDF file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Jun 2003 06:40:08 -0500
"CJM" <cjmwork@yahoo.co.uk> wrote in
news:uhqO6KXODHA.3016@TK2MSFTNGP10.phx.gbl:
unless I'm missing something here, don't you have the access rights to
the documents tied down to user groups?
> Since Active Directory will not be rolled out to all sites in our
> company until next year, I'm working on alternative ways to secure our
> intranet sites. (Sites are on IIS5, built in ASP, and all users use
> IE5+)
>
> By default all users can see a subset of menu option. By logging in,
> some users can see more menu options.
>
> ASP applications are protected on a page by page basis, and as such
> are secure.
>
> However, there are some 'ordinary' documents (eg PDFs or possibly
> XLS/Docs) that are kept in secure areas and are only available through
> restricted menus. However, as things stand, if a user were to know of
> the location of one of these documents, they could gain access by
> directly typing the url in the browser address bar.
>
> This is the loophole I want to close. Its not that likely that a user
> would have sufficient knowledge or know-how to exploit this weakness,
> but that's hardly the basis of a sound secure intranet!
>
> Note: The bulk of the content is maintained by key [non-technical]
> users; they usually convert the desired content to PDF format, then
> using some custom CMS functionality they add these documents to the
> DB-driven menu. This an essential feature of the site that somewhat
> restricts our options - any solution would have to either by-pass
> these guys, or be simple enough for them to do.
>
> Thanks
>
> Chris
>
>
>
- Next message: Marcus Crowley: "Re: Intermittent access to web site secured with Windows authentication"
- Previous message: CJM: "Security: Preventing direct access to a PDF file"
- In reply to: CJM: "Security: Preventing direct access to a PDF file"
- Next in thread: CJM: "Re: Security: Preventing direct access to a PDF file"
- Reply: CJM: "Re: Security: Preventing direct access to a PDF file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
