Our forums are currently in maintenance mode and the ability to post is disabled. We will be back up and running as soon as possible. Thanks for your patience!

General discussion


Security Problem

By windon ·
I am running NT 4.0 SP6a, IIS 4.0, with MS Office 2000. This system is used as a web server hosting about 12 web sites. I have two web sites that are password protected using NT security basic authentication and 128 bit SSL with a server certificate. I use MS Access 2000 for the database backbone. I use ODBC for connection to the data bases. Active server pages are developed for access to the data bases. Until I loaded the MDAC_type.exe 2.6 patch onto the web server I was able to place the following security settings on the ASP pages and not have any problems. The settings are as follows: Authorized users must sign on and they have been given USER ID passwords that are placed in a global group. In the MMC console I set the security on the ASP folder to require basic authentication. In windows explorer the security settings are for those who are in the specific group only (full control), Administrators, and SYSTEM with the IUSR_(server)not given access. The databases are ina seperate folder with anonymous user access, and the IUSR_(server) account given full control. After the patch mentioned above was applied my users were not able to access the web pages using there userid passwords. Administrators are able to log on but no one else. I resolved the problem by having to give anonymous access to the ASP directory, allow IUSR_(server) full control on the windows explorer security settings before the user could access the web pages. I need the tigher security settings on my ASP pages. Additionally, htm, html, docs, xls, ppt files have not been affected. Has anyone else run into this problem and if so what is the solution?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Related Discussions

Related Forums