Are there any links, diagrams, PDF's, etc. that describe the security model
for CMS?

Thanks

Tom

[ Post a follow-up to this message ]

Hi Tom,

information about the security model of MCMS are in the MCMS documentation.
What additional information do you need?

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------


"Tom" <Tom@discussions.microsoft.com> wrote in message
news:D838E6D8-E25B-4910-B3F9-6D1F3AE13F4C@microsoft.com...
>
> Are there any links, diagrams, PDF's, etc. that describe the security
> model
> for CMS?
>
> Thanks
>
> Tom
>

[ Post a follow-up to this message ]

Stefan:

We used MCMS for an Extranet site for the Executives.  It works great.  But
internal audit along with SOX compliance are asking me questions reagrding
the security model for MCMS.  I need to document how the MCMS securtiy model
and describe how MCMS helps prevent attackers from getting through.

Tom

"Stefan [MSFT]" wrote:

> Hi Tom,
>
> information about the security model of MCMS are in the MCMS documentation
.
> What additional information do you need?
>
> Cheers,
> Stefan
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
>
> New to MCMS?
> Check out this book: Building Websites Using MCMS: [url]http://tinyurl.com/6zj44[/url
]
> ----------------------
>
>
> "Tom" <Tom@discussions.microsoft.com> wrote in message
> news:D838E6D8-E25B-4910-B3F9-6D1F3AE13F4C@microsoft.com... 
>
>
>

[ Post a follow-up to this message ]

http://www.microsoft.com/technet/pr...in/SecAuth.mspx

is a good overview and still totally relevant to 2002 - especially the
workflow diagram.
http://www.microsoft.com/technet/im...B
IG.gif

if you are interested in more general platform security - this is non MCMS
specific and either IIS and Windows security (see the IIS docs online) or
web application security (see the improving web app security PAG)

hth
Spence


"Tom" <Tom@discussions.microsoft.com> wrote in message
news:288F3DF2-EE6B-4918-808C-9BC97CA1F1A3@microsoft.com...[vbcol=seagreen]
> Stefan:
>
> We used MCMS for an Extranet site for the Executives.  It works great.
> But
> internal audit along with SOX compliance are asking me questions reagrding
> the security model for MCMS.  I need to document how the MCMS securtiy
> model
> and describe how MCMS helps prevent attackers from getting through.
>
> Tom
>
> "Stefan [MSFT]" wrote:
> 

[ Post a follow-up to this message ]

Hi Tom,

MCMS relies on the authentication provided by IIS and ASP.NET.
MCMS itself then does authorization based on the AD/NT account impersonated
by IIS/ASP.NET.

With other words: MCMS relies on the fact that IIS and ASP.NET is configured
to target such attacks.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------


"Tom" <Tom@discussions.microsoft.com> wrote in message
news:288F3DF2-EE6B-4918-808C-9BC97CA1F1A3@microsoft.com...[vbcol=seagreen]
> Stefan:
>
> We used MCMS for an Extranet site for the Executives.  It works great.
> But
> internal audit along with SOX compliance are asking me questions reagrding
> the security model for MCMS.  I need to document how the MCMS securtiy
> model
> and describe how MCMS helps prevent attackers from getting through.
>
> Tom
>
> "Stefan [MSFT]" wrote:
> 

[ Post a follow-up to this message ]