sharepoint security

nitpatel
nitpatel used Ask the Experts™
on
In a particular sharepoint application i am doing a assessment on, OWSSVR.DLL  is avaialbale which allows me to download project schema and list information in form of XML data using URL's like
http://WebApp/[site]/_vti_bin/owssvr.dll?Cmd=GetProjSchema
http://WebApp/[site]/_vti_bin/owssvr.dll?Cmd=ExportList&List={ListGuid}
The files which are downloaded is not having any critical infomation.

Want to confirm
1) Is it really a security issue.
2) What maximum can be acheived using this if we get to know GUIDs of different list.
3) What can be done to prevent this , is downloading information with OWSSVR.DLL a standard feature which cant be done away with in MOSS.

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Software Developer
Top Expert 2009
Commented:
1) Generally Sharepoint should be matching permissions to the web objects with the same ACL's as the site.   So it's not really a security issue.  They can only access information they can see in the web UI

2) Quite a bit but it's subject to change.  Microsoft prefers you use the web services

3) Not much.  The web UI uses it all the time when users access the site.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial