Re: How can I encrypt files on a HTTPS file server?


From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 08/02/04


Date: Mon, 2 Aug 2004 00:45:42 -0400

In news:ejst5EAeEHA.1644@tk2msftngp13.phx.gbl,
George Valkov <null@somewhere.com> asked for help and I offered my
suggestions below:
> Thank You, Ace!
> This was good to know!
> Finally I found a work around and now it's working.
> 1. The target aim was a transparent work with encrypted files (using
> EFS) on the server.
>
> 2. Because I use a limited account (A) when I work locally on the
> server, I have to login to the HTTPS site as another user (B). At
> that point everything will work fine except for the access to
> encrypted files and folders. I found out that the site uses
> Integrated Windows Authentication by default. The server will mix up
> my credentials and finally deny access.
> I changed the authentication mode to Clear Text and now it uses the
> correct credentials allowing me to work transparently with encrypted
> files. I will investigate remote sessions to see if I can use the
> Integrated Windows Authentication.

If you connect with an FQDN or an IP address in the URL, it will always ask
for authentication. If you connect using the NetBIOS name of the server in
the URL (such as when you are in a corp environment or your own home network)
the browser will default to using Windows Integrated.

> 3. No, I really doubt that anyone has any reason to crack the session.
> Actually parts from this are for testing and learning. Certification
> Authority is installed on my server, so I decided to request an
> 8192-bit RSA certificate. Is there at least one performance or other
> reason to use smaller? Can You tell me what encryption algorithm is
> recommended for HTTPS sites?

Usually 128-bit is the best available so far. Using an 8192-bit cert is a lot
of CPU overhead. I can understand if working with government related data.

>
> 4. The local security policy is set to allow only NTLM2
> authentication. This will apply for the HTTPS session only if I use
> the Integrated Windows Authentication, right?

Yes. But like I said, depends on what address you use to connect to.

> 5. Some special characters based on ALT+number will increase the
> password strength. For local logon this is not a problem, but for
> logon to HTTPS sites, the password is received incorrectly by the
> server. Is there a work around for this?

Not that I know of. That is always a limitation with pwds, depends on what
you're logging into or what you're logging on with. Locally works fine, but
not thru IIS. I like using those characters as well, but you're limited...

>
>
> George Valkov
>

Ace
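
Item 5 above, as an added example that is not part of either post: with Clear Text (HTTP Basic) authentication the browser sends base64 of the bytes of `user:password`, so a non-ASCII character survives only if client and server agree on the charset. The thread does not state the cause of the mangled password; a charset mismatch is assumed here, and the account name, password and charset list are constructed.

```python
import base64
from itertools import product

# Charsets a client or server might apply to Basic credentials (assumed set):
# UTF-8, the Windows ANSI code page, and the OEM code page used by ALT+number.
CHARSETS = ("utf-8", "cp1252", "cp437")


def basic_header(user, password, charset):
    """Build the Authorization header value as a client using `charset`."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def server_decode(header, charset):
    """Recover (user, password) as a server that assumes `charset`."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token, validate=True)
    # Undecodable bytes become U+FFFD instead of raising, so the mismatch
    # shows up as a wrong password rather than a crash.
    text = raw.decode(charset, errors="replace")
    user, sep, password = text.partition(":")  # password may contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def mismatch_matrix(user, password):
    """Map (client_charset, server_charset) -> password the server sees."""
    return {
        (c, s): server_decode(basic_header(user, password, c), s)[1]
        for c, s in product(CHARSETS, repeat=2)
    }


if __name__ == "__main__":
    # Constructed password: U+00E9 is what ALT+130 types on a CP437 console.
    pw = "Winter\u00e92004"
    for (client, server), seen in mismatch_matrix("userB", pw).items():
        status = "ok" if seen == pw else "MISMATCH"
        print(f"client={client:7} server={server:7} -> {seen!r} {status}")
```

An ASCII-only password decodes identically under all three charsets, which is why only the ALT+number characters are affected.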


