[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Securing a web application.

Posted on 2012-03-23
3
Medium Priority
?
437 Views
Last Modified: 2012-06-21
Hello,

I have written a little ISAPI dll that reads a document database and returns a document as a PDF by setting the reponse stream to the document.

It is very simple and works fantastically.

However i need to secure it so that not everyone can just type in the url and read a document.

Any suggestions?
0
Comment
Question by:soozh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 668 total points
ID: 37761409
The general design for client authentication is given in this article.  If you're not using PHP, choose the language you like and make a Google search for "[language] client authentication."  A good answer will almost certainly appear in the top one or two pages of search results.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391.html
0
 
LVL 65

Assisted Solution

by:btan
btan earned 664 total points
ID: 37761886
Probably I see it as defense in depth where you harden from network, web and down to data layer. In this case, server hardening is good start like use of iis  and urlscan http://technet.microsoft.com/en-us/library/cc731278(v=ws.10).aspx

Check out url authorization and restrict of isapi
 http://technet.microsoft.com/en-us/library/cc772206(v=ws.10).aspx
 http://technet.microsoft.com/en-us/library/cc730912(v=ws.10).aspx

Overall, owasp cheatsheets are good resource to leverage further hardening of the web codes e.g. defense against force browsing and i see data leakage as a key concerned as well
 https://www.owasp.org/index.php/Cheat_Sheets
0
 
LVL 33

Accepted Solution

by:
shalomc earned 668 total points
ID: 37761919
You can secure it by basic authentication in IIS.
The actual implementation depends on your environment (AD/domain/IIS version), here is how it is done in IIS 6.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/abbca505-6f63-4267-aac1-1ea89d861eb4.mspx?mfr=true
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question