Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Apache VS IIS Securiyt model question

from [Dinis Cruz] Network Security [Permanent Link]
Subject: RE: Apache VS IIS Securiyt model question
Date: Tue, 14 Sep 2004 00:40:11 +0100 
Please note that these security settings will only be relevant (in IIS) in a
Partially Trusted Website (i.e. the Asp.Net code is NOT running with Full
Trust). 

If the code is running with Full Trust, then most likely those security
permissions will be easily bypassed.

Dinis Cruz
.Net Security Consultant
DDPlus


-----Original Message-----
From: mthompson [mailto:mthompson@brinkster.com]
Sent: 11 September 2004 01:56
To: webappsec@securityfocus.com; pen-test@securityfocus.com
Subject: Apache VS IIS Securiyt model question

Hello,

I am doing research and I am stuck.

Pitch: In IIS there is the ability to set permissions on a per website
basis. In other words the ability to limit access to files and
directories based on the users credentials that the website is running
under. Additionally, you would in turn add this user to a group and
apply group permissions to an object that needed to be accessed by more
than one site.

Question: Is there a similar security model for apache that would allow
credentials from a user to run a virtual website and access files only
for a specific virtual site.

Also, does any one have a diagram of the apache process?

Thanks,

Mike
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Testing a web app with heavy JS use, Cipher Louis
Next by Date:  Re: Apache VS IIS Securiyt model question, Ivan Ristic
Previous by Thread:  Re: Apache VS IIS Securiyt model question, exon
Next by Thread:  Re: Apache VS IIS Securiyt model question, Ivan Ristic
Indexes:  [Date] [Thread] [Top] [All Lists]