ISAPI Application and Integrated Security

We have a ISAPI dll that we access over Windows Integrated Security.
Everybody is allowed to acces the server in our Intranet that is a user of
our domain.
In that application we use the WindowsUsername from the users that starts a
'session' to check some security settings (stored in sql-server-tables)and
decide what we show to the user. (Options/reports/Forms/...)
Now we are thigthening our security on the sql sever and only Windows
Authentication will be allowed.
Until now the only way to run that DLL and use WA to connect to sql is to
change the user that runs the IIS-WWW service.
>From localsystem to something else.
But what if we also have a other website running on that IIS that has
nothing to do with SqlServer...

Is there another approach for this kind of security problems ??


Harry Leboeuf
Kinepolis Group


Relevant Pages

  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
  • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
  • Re: The Myth of the secure Mac
    ... OEM Windows XP Home goes for a bit under $100. ... >> secure than Home. ... Though this really has nothing to do with security. ... Microsoft counts on third-party developers to provide more ...
  • SecurityFocus Microsoft Newsletter # 149
    ... MICROSOFT VULNERABILITY SUMMARY ... EveryBuddy Long Message Denial Of Service Vulnerability ... Intellitactics Network Security Manager ... Windows operating systems. ...
  • SecurityFocus Microsoft Newsletter #120
    ... Strengthening Network Security: FREE Guide Network security is a ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows File Protection Signed File Replacement... ... PlatinumFTPServer Information Disclosure Vulnerability ...