Re: SharePoint Security
- From: "Bill English [MVP]" <bill@xxxxxxxxxxxxx>
- Date: Tue, 12 Apr 2005 23:27:06 -0500
Remove Site Settings in the site definition. That should accomplish what
you're after.
Bill English
"Herbert" <Herbert@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DB1033F1-DC51-4100-A500-DB420BC38ACB@xxxxxxxxxxxxxxxx
>I don't know if this has been covered here before, I've tried to search but
> no luck.
>
> I notice that a non-admin user can access
> http://Sitename/_layouts/1033/settings.aspx page. Normal user cannot
> access the links on that page, and will get prompted for
> username/password,
> however, they can try as many times as possible. easy target for just a
> brutal force attack. Why did MS implement this? Is there a way to block
> non-admin users from seeing settings.aspx at all (ie. they won't even get
> prompt for password and just display a 401)
>
> I'm planning on putting WSS as an internet site, it's not a very good
> idea
> to let others see your site setting page.
>
> Thanks a lot.
.
- References:
- SharePoint Security
- From: Herbert
- SharePoint Security
- Prev by Date: Re: Urgent: Sharepoint / Active directory services / configuring
- Next by Date: Re: Error: Cannot delete an issue which is not current
- Previous by thread: Re: SharePoint Security
- Next by thread: Urgent: Sharepoint / Active directory services / configuring
- Index(es):
Relevant Pages
|
