|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS Virtual Directory Hacksa sql database, each user will have a virtual directory that will give them an interface to access their respective database. My worry is that they will be able to access each others virtual directories and hence modify the respective database. I want to test the application and ensure that users cannot access each others virtual directories and databases. I have already tested that they cannot insert the name of another users virtual directory followed by a file name, that they can find out from their own virtual directory. The users have no access to the IIS server apart from via their Virtual directory. I need to secure this application and make it water tight. I am looking for some suggestions for how to possibly hack another users virtual directory. Any help here would be greatly appreciated. Many thanks in advance. On Mon, 22 May 2006 12:02:38 +0100, "jonathan haughey"
<jonathan.haug***@shesoftware.com> wrote: Show quoteHide quote >I am publishing a web application in asp that will allow my users to access Lock them down with NTFS permissions.>a sql database, each user will have a virtual directory that will give them >an interface to access their respective database. > >My worry is that they will be able to access each others virtual directories >and hence modify the respective database. > >I want to test the application and ensure that users cannot access each >others virtual directories and databases. > >I have already tested that they cannot insert the name of another users >virtual directory followed by a file name, that they can find out from their >own virtual directory. > >The users have no access to the IIS server apart from via their Virtual >directory. I need to secure this application and make it water tight. > >I am looking for some suggestions for how to possibly hack another users >virtual directory. > >Any help here would be greatly appreciated. > >Many thanks in advance. Jeff 
Other interesting topics
One Domain with 2 websites and 2 SSL Certs
Kerberos timout with IIS6, ASP.Net and SQLServer What dictates whether the LOGON_USER Server Variable is sent? a new idea to prevent DoS attacks fileshare on my website handling files on another server within same workgroyp !!?? Certificate Services Web Enrollment Support not working Dumb basic authentication and SSL question <customErrors> confusion XP FIREWALL ERROR "Due to an unidentified problem. windows cannot |
|||||||||||||||||||||||
