Re: Setting Up IIS secure website
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 07/29/04
- Next message: Bernard: "Re: Security checking software"
- Previous message: Bernard: "Re: Password Protection"
- In reply to: Josh: "Re: Setting Up IIS secure website"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Jul 2004 12:23:29 +0800
It depends, the risk is higher if the machine is not protected by firewall /
antivirus and etc.
If you have a firewall and only allow port 80 access, unless there's a
vulnerability in IIS, at most hacker can use the password to access your IIS
via port 80... not much of a OS access.
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Josh" <anonymous@discussions.microsoft.com> wrote in message news:5fcd01c474e6$7778ebd0$a301280a@phx.gbl... > Thanks, that helped. > > I found that by unchecking the "Integrated Windows > Authentication" and only selecting Basic Authentication I > was able to use the quest account I set up to log into my > web site. One last question, I understand that when using > a password without SSL it is sent in clear text. If some > how some one did get that password to my guest account > what kind of access would they have to do damage to my > system? (The user and password is only a member of the > Guests group). > > > >-----Original Message----- > >On Wed, 28 Jul 2004 07:34:32 -0700, "Josh" > ><anonymous@discussions.microsoft.com> wrote: > > > >>I am using Win XP SP 1, IIS 5.1 > >>I can see my web site over the internet. I am trying to > >>set up a secure folder on my web site. I have tried to > >>use the permissions wizard using the template Secure Web > >>Site. I use the (recommended) Replace All Directory and > >>File Permissions. Then the wizard is finished. I have > >>created a user 'XXX' with a password and made XXX part > of > >>the guest group, this is the user I would like to access > >>the site. (I copied the settings from the default > acount > >>IUSR_XXXXXX) When I try to access the folder on my web > >>site a login screen comes up, I type in the name and > >>password and it says I am not authorized. I then tried > >>using my administrator password and that didn't even > work. > >>I think I must have set something up wrong because no > >>matter what I do I can't get into the web site once I > set > >>it as secure.... I hope I gave enough info Please Help > > > >See: > > > >How To Use NTFS Security to Protect a Web Page Running on > IIS 4.0 or > >5.0 > >http://support.microsoft.com/?id=299970 > > > >HOW TO: Configure IIS 5.0 Web Site Authentication in > Windows 2000 > >http://support.microsoft.com/?id=310344 > > > >Jeff > >. > >
- Next message: Bernard: "Re: Security checking software"
- Previous message: Bernard: "Re: Password Protection"
- In reply to: Josh: "Re: Setting Up IIS secure website"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
