Secure non-ASP-files without Basic or NTLM-Securit

Results 1 to 2 of 2

Thread: Secure non-ASP-files without Basic or NTLM-Securit

  1. #1
    Join Date
    Dec 1969

    Default Secure non-ASP-files without Basic or NTLM-Securit

    I try to build an intranet that can be accessed by the internet. As I have to host it at an ISP and the users with access rights will change quite often, I can not tell the ISP to generate user accounts each time (too expensive).<BR><BR>I am able to build a security based on asp. The problem is that this will only secure asp-pages (conducting a security check at the beginnig of every page), but not other documents (like office documents) that will be uploaded by the users. If anybody is able to guess a filename (or to show the folder content), he will be able to download all these files without password :-(<BR><BR>Any ideas how to prevent bad guys from doing this?<BR><BR>I&#039 thinking about 3 solutions:<BR><BR>a) a "general" login username and password using basic or ntlm authentication - and then a second username / password basing on my own asp security. problems: 2 usernames and passwords (user will LOVE that!), all the users knowing the "general" login are able to download any non-asp-file)<BR><BR>b) a tool that makes it possible to generate and delete user accounts with asp-code AND that will be accepted by a average isp.<BR><BR>c) the miracle solution you will present me ;-)

  2. #2
    Join Date
    Dec 1969

    Default RE: Secure non-ASP-files without Basic or NTLM-Sec

    Option B is the only obvious route - this is the technique we use on B2B extranets. It no great problem to find a component that will do NT account management - only problem is that if you&#039re on a leased box I doubt your ISP will allow it.<BR><BR>Dunc

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts