Re: IIS and InterDev - some info

- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Re: IIS and InterDev - some info
- From: Charlie Roberts <croberts@OLEMISS.EDU>
- Date: Mon, 25 Jan 1999 21:30:56 -0600
- Approved-By: Russ.Cooper@RC.ON.CA
- Reply-To: Charlie Roberts <croberts@OLEMISS.EDU>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

I found the following excerpt from the MSDN library (search for 'security' under the InterDev section), maybe this will shed some light on the prob.

--------------------------

FrontPage Server Extensions

Visual InterDev works through the FrontPage server extensions to provide the ability to manage design-time Web permissions using the underlying security model of the host operating system on the master Web server. If your operating system is Windows NT with the NTFS file system, the FrontPage extensions manage access for administrators and authors using file ACLs for the DLLs in the following table. These directories are hidden to the Web server but available to the file system:

Function                                        DLL         Location
Administrative (i.e., setting Web permissions)  Admin.dll   <Webdir>/_vti_bin/_vti_adm
Authoring (i.e., opening a file)                Author.dll  <Webdir>/_vti_bin/_vti_aut
Browsing (i.e., viewing links)                  Dvwssr.dll  <Webdir>/_vti_bin/_vti_aut

When you perform a function, such as changing permissions on a Web application, your request is sent over HTTP at the server and routed to one of these ISAPI DLLs. For example, a request to perform an administrative function is handled by that Web application's Admin.dll. In the request, the client provides credentials that identify the user who is logged in to the client workstation. This user must have read permission (equivalent to read and execute individual permissions) for the DLL handling the request; otherwise, the request is denied. Thus FrontPage restricts who may perform a given request by controlling read permission on the DLLs in _vti_bin.

Whenever a change is made to a Web application's permissions via the Web Permissions dialog box, the FrontPage extensions on the server modify the ACLs on the DLL's _vti_adm and _vti_aut directories in that Web application's _vti_bin directory accordingly.

Note: FrontPage does not change ACLs on content files to manage design-time security; it only changes ACLs on the directories that contain the gatekeeper files admin.dll, author.dll, and dvwssr.dll. FrontPage manipulates content file ACLs to manage run-time security, which is the topic of the next section.

----------------------------

Charles Roberts
Systems Admin - Career Center
University of Mississippi
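
Added example, not part of the original post or the MSDN excerpt: because read access on the _vti_adm and _vti_aut directories decides who may administer or author a web, this Python audit parses icacls output for such a directory and reports broad principals that hold an allow ACE with read rights. The path, account names, sample output and the set of principals treated as broad are constructed assumptions.

```python
import re

# Gatekeeper directories from the MSDN excerpt and what read access to each grants.
GATEKEEPERS = {
    r"_vti_bin\_vti_adm": "administer (Admin.dll)",
    r"_vti_bin\_vti_aut": "author and browse (Author.dll, Dvwssr.dll)",
}
# Assumption: principals treated as too broad to hold design-time access.
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users",
         "nt authority\\anonymous logon"}
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA"}  # icacls rights that include read
ACE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(\([^)]*\))+)$")

def parse_aces(path, icacls_output):
    """Return (principal, flags, rights) for each ACE icacls printed for `path`."""
    aces = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line is "<path> <ACE>"
        m = ACE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", m["groups"])
        flags = {g.upper() for g in groups[:-1]}  # (OI), (CI), (IO), (DENY), ...
        rights = {r.strip().upper() for r in groups[-1].split(",")}
        aces.append((m["who"].strip(), flags, rights))
    return aces

def audit(path, icacls_output):
    """Return findings: broad principals whose allow ACE grants read on `path`."""
    capability = next((c for d, c in GATEKEEPERS.items() if path.lower().endswith(d)), None)
    if capability is None:
        return []  # not one of the gatekeeper directories
    findings = []
    for who, flags, rights in parse_aces(path, icacls_output):
        # DENY ACEs grant nothing; inherit-only ACEs still count, they reach the DLL inside.
        if "DENY" not in flags and who.lower() in BROAD and rights & READ_RIGHTS:
            findings.append(f"{who} can {capability} via {path}")
    return findings

# Constructed sample: icacls output for a hypothetical web root on host WEB01.
SAMPLE_PATH = r"C:\InetPub\wwwroot\_vti_bin\_vti_adm"
SAMPLE_OUTPUT = r"""C:\InetPub\wwwroot\_vti_bin\_vti_adm BUILTIN\Administrators:(OI)(CI)(F)
                                     WEB01\webauthors:(OI)(CI)(RX)
                                     Everyone:(OI)(CI)(RX)
                                     NT AUTHORITY\ANONYMOUS LOGON:(DENY)(RX)
Successfully processed 1 files; Failed processing 0 files
"""
print(audit(SAMPLE_PATH, SAMPLE_OUTPUT))
```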