IIS Server Security - Using Integrated Security

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > June 2006 > Using Integrated Security





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Using Integrated Security
abel.khumalo@hotmail.com

2006-06-21, 7:37 am

Good day,

I have a Login.asp page to authenticate the users to my Web
application. Is it possible for someone to hack into the Login.asp page
by changing the value of the REMOTE_USER variable in the header and
then gaining access to the page? How would that be done (hacking?)
Also, what happens to the following piece of code if:

> I login to my machine as MyDomain\User1, somehow manage to hack the Login.asp page to accept the user as MyDomain\User2:

Set objSecurity =
GetSecurityCallContext("OriginalCaller")
If objSecurity("AuthenticationService") = 10 Then
sExternalUserName = objSecurity("AccountName")
End If

What will the value of the REMOTE_USER variable be after executing the
code above? Will it be MyDomain\User1 or MyDomain\User2?

Regards,

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com