Using Integrated Security

From: abel.khumalo@xxxxxxxxxxx
Date: 21 Jun 2006 01:58:57 -0700

Good day,

I have a Login.asp page to authenticate the users to my Web
application. Is it possible for someone to hack into the Login.asp page
by changing the value of the REMOTE_USER variable in the header and
then gaining access to the page? How would that be done (hacking?)
Also, what happens to the following piece of code if:

I login to my machine as MyDomain\User1, somehow manage to hack the Login.asp page to accept the user as MyDomain\User2:

Set objSecurity =
GetSecurityCallContext("OriginalCaller")
If objSecurity("AuthenticationService") = 10 Then
sExternalUserName = objSecurity("AccountName")
End If

What will the value of the REMOTE_USER variable be after executing the
code above? Will it be MyDomain\User1 or MyDomain\User2?

Regards,

.

Prev by Date: Re: Securing static files
Next by Date: IIS 6.0 WScript Execution
Previous by thread: Re: Mirror ftp sites and user accounts in IIS
Next by thread: IIS 6.0 WScript Execution
Index(es):
- Date
- Thread

Relevant Pages

RE: Access 07 Use multiselect listbox to filter report
... Based on the error you are receiving, it sounds as if the hack is executing ... "Select ItemNumber & ItemColor As ItemNumberColor, ItemNumber, ItemColor ... You no longer need the hack. ...
(microsoft.public.access.formscoding)
GP Logon Script Fails on Wireless XP Clients
... For some reason wireless XP clients are not running an OU ... I am using 802.1x and IAS to authenticate the ... Is there a way to delay the GP from executing until the ...
(microsoft.public.win2000.group_policy)
Re: Possible to get field names and types in a table without executing a query?
... just to poll for column names. ... executing. ... Then use the hack method. ...
(perl.dbi.users)
How to determine which CPU a thread is executing on?
... Does anyone know of a programatic method (or hack) ... to determine which CPU a thread is currently executing on? ...
(comp.os.linux.misc)