| Zester 2007-11-16, 1:39 pm |
| I'm taking the no response as there is no way to perform the audit [sigh]
This is how a security hole can become a big nasty hole because it gives
users a false sense of security. Who knows which sensitive files out there
are being exposed to hackers because of the lack of this audit feature!
"Zester" <zeze@nottospam.com> wrote in message
news:%23wBYHs9HIHA.3400@TK2MSFTNGP03.phx.gbl...
> Is there a way to audit which files are allowed to be downloaded by
> default configuration? I looked into IIS5 Application Configuration dialog
> and didn't see .bak to be in the mapping for the website but it was
> allowed to be downloaded as you pointed out. IIS6 doesn't have the entry
> either but it's not allowed to be downloaded. Sounds like the default
> configuration is hidden.
>
> Also, would you know a documentation that walks me through how to block
> .bak from being downloaded in IIS5? Thanks!
>
>
>
> "David Wang" <w3.4you@gmail.com> wrote in message
> news:1194058410.973691.294860@e9g2000prf.googlegroups.com...
>
>
|