|
Home > Archive > Microsoft Content Management Server > November 2005 > CMS Security Model
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
CMS Security Model
|
|
|
|
Are there any links, diagrams, PDF's, etc. that describe the security model
for CMS?
Thanks
Tom
| |
| Stefan [MSFT] 2005-11-10, 7:50 am |
| Hi Tom,
information about the security model of MCMS are in the MCMS documentation.
What additional information do you need?
Cheers,
Stefan
--
This posting is provided "AS IS" with no warranties, and confers no rights
New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------
"Tom" <Tom@discussions.microsoft.com> wrote in message
news:D838E6D8-E25B-4910-B3F9-6D1F3AE13F4C@microsoft.com...
>
> Are there any links, diagrams, PDF's, etc. that describe the security
> model
> for CMS?
>
> Thanks
>
> Tom
>
| |
|
| Stefan:
We used MCMS for an Extranet site for the Executives. It works great. But
internal audit along with SOX compliance are asking me questions reagrding
the security model for MCMS. I need to document how the MCMS securtiy model
and describe how MCMS helps prevent attackers from getting through.
Tom
"Stefan [MSFT]" wrote:
> Hi Tom,
>
> information about the security model of MCMS are in the MCMS documentation.
> What additional information do you need?
>
> Cheers,
> Stefan
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
>
> New to MCMS?
> Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
> ----------------------
>
>
> "Tom" <Tom@discussions.microsoft.com> wrote in message
> news:D838E6D8-E25B-4910-B3F9-6D1F3AE13F4C@microsoft.com...
>
>
>
| |
| Spencer Harbar [MVP] 2005-11-10, 6:00 pm |
| http://www.microsoft.com/technet/pr...in/SecAuth.mspx
is a good overview and still totally relevant to 2002 - especially the
workflow diagram.
http://www.microsoft.com/technet/im...cauth01_BIG.gif
if you are interested in more general platform security - this is non MCMS
specific and either IIS and Windows security (see the IIS docs online) or
web application security (see the improving web app security PAG)
hth
Spence
"Tom" <Tom@discussions.microsoft.com> wrote in message
news:288F3DF2-EE6B-4918-808C-9BC97CA1F1A3@microsoft.com...[vbcol=seagreen]
> Stefan:
>
> We used MCMS for an Extranet site for the Executives. It works great.
> But
> internal audit along with SOX compliance are asking me questions reagrding
> the security model for MCMS. I need to document how the MCMS securtiy
> model
> and describe how MCMS helps prevent attackers from getting through.
>
> Tom
>
> "Stefan [MSFT]" wrote:
>
| |
| Stefan [MSFT] 2005-11-10, 6:00 pm |
| Hi Tom,
MCMS relies on the authentication provided by IIS and ASP.NET.
MCMS itself then does authorization based on the AD/NT account impersonated
by IIS/ASP.NET.
With other words: MCMS relies on the fact that IIS and ASP.NET is configured
to target such attacks.
Cheers,
Stefan
--
This posting is provided "AS IS" with no warranties, and confers no rights
New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------
"Tom" <Tom@discussions.microsoft.com> wrote in message
news:288F3DF2-EE6B-4918-808C-9BC97CA1F1A3@microsoft.com...[vbcol=seagreen]
> Stefan:
>
> We used MCMS for an Extranet site for the Executives. It works great.
> But
> internal audit along with SOX compliance are asking me questions reagrding
> the security model for MCMS. I need to document how the MCMS securtiy
> model
> and describe how MCMS helps prevent attackers from getting through.
>
> Tom
>
> "Stefan [MSFT]" wrote:
>
|
|
|
|
|