Re: Secure sites... and the theory of relativity

From: John Cesta (lists_at_lookwww.com)
Date: 01/28/05 

Date: Fri, 28 Jan 2005 14:37:08 GMT

On Thu, 27 Jan 2005 19:08:13 -0800, "Ron Weldy" <ronweldy@msn.com>
wrote:

>In the past, I have always handled secure sections of websites using IIS.
>You put the files you want to transfer data securely in a folder and you
>indicate that in IIS. If you really need to force the url, then I have also
>encountered code that picks up the current domain or server and then
>concatenates the url accordingly.

I think it's just preference. Not everyone does it the same way and
your or his way isn't necessarily the "correct" way it's just the way
it works for you or others.

John Cesta

The CPU Checker - Monitors your CPU % while you sleep
LogFileManager - IIS LogFile Management Tool
WebPageChecker - Helps Maintain Server UpTime
DomainReportIt PRO - Helps Rebuild IIS
http://www.serverautomationtools.com

>
>Now, I have this site that someone else set up and they have hard-coded the
>links with the https prefix to force them to be handled securely (not to
>mention some other plain ol' links as well). Why would they not setup secure
>directories? I can't remember if IIS prevents you from running the pages in
>a non-secure mode. Of course, the other major problem with this in that it's
>a pain in the *** if you're using a test server. Anyone know why someone
>would do this? Is there some search engine penalty if you don't hard code
>full urls in html? Another interesting thing is that this is buried in
>asp.net controls, which I don't even expose links, so I really don't
>understand why that is not done using relative links, unless there is some
>goofy-ness with these controls living in the bin folder. At any rate, I
>usually use relative pathing myself just to keep my sanity when testing.
>
>All opinions are welcome, before I set about trying to correct this mess!
>

Relevant Pages

  • Re: best way to secure an FTP server in IIS 5 and IIS in general ???
    ... How to secure any Windows computer, including IIS: ... > NTFS, just using list folder contents, returns a read error... ... > These questions are in response to having the FTP server hacked and had to ...
    (microsoft.public.inetserver.iis.security)
  • RE: How secure are virtual folders on IIS server
    ... Hi Dinesh, ... A virtual directory in IIS can be as secure as you want to make it. ... really depends on what the purpose of the folder is and how much access you ...
    (microsoft.public.inetserver.iis.security)
  • RE: IIS
    ... I believe that once the source code is open source, ... Subject: IIS ... are a myriad of options to hardening an IIS box than just patches. ... worked with many and would answer this with, the system is as secure as the ...
    (Security-Basics)
  • Re: How to secure IIS?
    ... XP as well, because even if you don't install IIS, there are still a number ... If you think Windows 98 is secure, ... easy to attack, if there's no firewall... ... IIS security checklists] 3) install firewall and antivirus, ...
    (microsoft.public.inetserver.iis.security)
  • RE: IIS
    ... Apache is much more secure by default. ... irony I run IIS but this because I know how to harden it). ... recipient, or an employee or agent responsible for delivering this ...
    (Security-Basics)
Loading