Security Hole?

Results 1 to 2 of 2

Thread: Security Hole?

  1. #1
    SPG Guest

    Default Security Hole?

    Just a quick question... Does it qualify as a bad thing that I can server.execute or #include a secure file from a non-secure file without tripping any security checks?<BR><BR>[ Say, for example, that I were to upload a small .asp to a corporate extranet which will server.execute an .asp which I had a password requested for -- without caring about the password. Bad thing, yes? ]<BR><BR>The test system was Win2K Adv. Server with IIS 5. File 1 gave "Everybody" "Full Access," file 2 only gave "Authenticated Users" "Full Access" after "Basic Authentication."<BR><BR>Any patches?

  2. #2
    Join Date
    Dec 1969

    Default RE: Security Hole?

    it&#039s not ideal, but it&#039s not really what i&#039d call a security hole either. you can only .execute within the same application, right? if you can .execute from another application, that would be a hole...<BR><BR>jason

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts