Re: SharePoint Security
- From: "Herbert" <Herbert@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 12 Apr 2005 15:27:14 -0700
Sorry, I should've mention that I'm testing with WSS and using Firefox to
access the page.
"Steven Collier [MVP]" wrote:
> I think windows would still lock out the password after the given number of
> attempts ?
>
> The other option in to turn on Request Approval, after 3 goes they get
> directed to a page to request approval, sending a mail to the site owner.
>
> Steven
>
>
> On 12/4/05 20:32, in article
> DB1033F1-DC51-4100-A500-DB420BC38ACB@xxxxxxxxxxxxx, "Herbert"
> <Herbert@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > I don't know if this has been covered here before, I've tried to search but
> > no luck.
> >
> > I notice that a non-admin user can access
> > http://Sitename/_layouts/1033/settings.aspx page. Normal user cannot
> > access the links on that page, and will get prompted for username/password,
> > however, they can try as many times as possible. easy target for just a
> > brutal force attack. Why did MS implement this? Is there a way to block
> > non-admin users from seeing settings.aspx at all (ie. they won't even get
> > prompt for password and just display a 401)
> >
> > I'm planning on putting WSS as an internet site, it's not a very good idea
> > to let others see your site setting page.
> >
> > Thanks a lot.
>
.
- References:
- SharePoint Security
- From: Herbert
- Re: SharePoint Security
- From: Steven Collier [MVP]
- SharePoint Security
- Prev by Date: Re: Multiple Server Farm - Shared Services Design Question
- Next by Date: Re: Migrate from SPS 2001 to SPS 2003
- Previous by thread: Re: SharePoint Security
- Next by thread: Re: SharePoint Security
- Index(es):
Relevant Pages
|
