Does anyone know where I can find good articles about internet security? I have almost finished a website and I want to see a kind of checklist of security measures. For now:
1) All directories have a default page. No one can see the list of files in the directory.
2) State is preserved by session variables; no one can see any page without passing through the login page. The login page is the only one that creates the session variables. In each page I have an include file for authentication (where I check the values stored in the session variables).
3) In my login page, if you put the wrong password 3 times it redirects you to,
4) The page's source doesn't reveal any useful information.
5) My database is SQL Server 7. I think that no one can reach it.
6) Page expires after 0 minutes. There could be a constant change of data in the website and it is important to receive the latest information that arrives.
7) Users can upload files. I don't let them upload *.asp or *.exe. Any other file extensions suggested? Because I use an ASP class to read the content of the uploaded file, I set the anonymous user to have write/read/modify permission to disk. How bad is it if anyone can upload an executable page?
I have some folders for the users where they can store *.xls, *.doc, *.ppt, *.pdf, *.gif, *.jpg, *.htm, *.html, and some other files. I don't do a virus check because I don't manipulate them. How bad is this? I don't know if the computer does it by itself because I don't own the server; I need to see the administrator sometimes to change permissions on folders and check some issues, but it is not too often.
If I don't want to allow users to browse a folder, how can I display a binary file like *.doc? With a Server.Execute or Server.Transfer? How, because I tried and it didn't work? (Maybe I didn't persist.)

This is my short list. Any answers to any of my questions are welcome.
Just in case: IIS 5, Windows 2000 Server.
Site topic: Educational.
The security is important because I don't want students or any other people to alter the contents of the stuff inside, or get the stuff before or after the date.
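
An added example, not part of the original post or any reply: item 7's extension check as described (refusing only *.asp and *.exe) beside an allowlist built from the document and image types the post names. It is written in Python rather than ASP for illustration; the function names, the filename pattern and the sample filenames are assumptions constructed here.

```python
import re
import secrets

# The post's approach: refuse only these two extensions.
BLOCKED_EXTENSIONS = {"asp", "exe"}
# Assumption: allowlist taken from the document and image types named in the post.
ALLOWED_EXTENSIONS = {"xls", "doc", "ppt", "pdf", "gif", "jpg"}

# Deliberately strict: one stem of safe characters, one dot, one extension.
# Names with spaces, extra dots or path separators are refused outright.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.([A-Za-z0-9]{1,8})")


def blocklist_accepts(filename):
    """The check described in the post: reject *.asp and *.exe, accept the rest."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in BLOCKED_EXTENSIONS


def allowlist_accepts(filename):
    """Accept only well-formed names whose single extension is on the allowlist."""
    match = _SAFE_NAME.fullmatch(filename)
    return bool(match) and match.group(1).lower() in ALLOWED_EXTENSIONS


def stored_name(filename):
    """Return a server-generated name to save under, or None if the upload is refused.

    Only the validated extension is kept, so the client-supplied name never
    reaches the file system.
    """
    if not allowlist_accepts(filename):
        return None
    ext = filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample upload names, not taken from the post.
SAMPLES = ["grades.xls", "Lecture1.PDF", "page.asp", "run.bat",
           "setup.cmd", "noextension", "my notes.doc", "week.1.doc"]

if __name__ == "__main__":
    print(f"{'filename':<16}{'blocklist':<12}{'allowlist':<12}")
    for name in SAMPLES:
        print(f"{name:<16}{str(blocklist_accepts(name)):<12}"
              f"{str(allowlist_accepts(name)):<12}")
```

The blocklist accepts every sample except page.asp, while the allowlist accepts only grades.xls and Lecture1.PDF.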

That is such a broad topic that a single post couldn't answer it all, especially not knowing your site and its apps. There is literally a ton of info out there. Try, or a host of others for more information than you will probably want to read.

