Solved

Securing a web application.

Posted on 2012-03-23
Last Modified: 2012-06-21
Hello,

I have written a little ISAPI DLL that reads a document database and returns a document as a PDF by setting the response stream to the document.

It is very simple and works fantastically.

However, I need to secure it so that not everyone can just type in the URL and read a document.

Any suggestions?
Question by:soozh
3 Comments
 

Assisted Solution

by:Ray Paseur
Ray Paseur earned 668 total points
ID: 37761409
The general design for client authentication is given in this article.  If you're not using PHP, choose the language you like and make a Google search for "[language] client authentication."  A good answer will almost certainly appear in the top one or two pages of search results.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391.html

Assisted Solution

by:btan
btan earned 664 total points
ID: 37761886
Probably I see it as defense in depth, where you harden from the network and web layers down to the data layer. In this case, server hardening is a good start, like use of IIS and UrlScan http://technet.microsoft.com/en-us/library/cc731278(v=ws.10).aspx

Check out URL authorization and restriction of ISAPI
 http://technet.microsoft.com/en-us/library/cc772206(v=ws.10).aspx
 http://technet.microsoft.com/en-us/library/cc730912(v=ws.10).aspx

Overall, the OWASP cheat sheets are a good resource to leverage for further hardening of the web code, e.g. defense against forced browsing, and I see data leakage as a key concern as well
 https://www.owasp.org/index.php/Cheat_Sheets

Accepted Solution

by:shalomc
shalomc earned 668 total points
ID: 37761919
You can secure it by basic authentication in IIS.
The actual implementation depends on your environment (AD/domain/IIS version); here is how it is done in IIS 6.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/abbca505-6f63-4267-aac1-1ea89d861eb4.mspx?mfr=true
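
The basic authentication suggested in the accepted answer, combined with the URL authorization mentioned in btan's answer, written as an IIS 7 configuration fragment rather than the IIS 6 procedure linked above. This is an added example, not part of any poster's answer; the site name, the path `docs/getdoc.dll` and the Windows group `DocReaders` are hypothetical, and it assumes IIS 7 or later with the Basic Authentication and URL Authorization role services installed.

```xml
<!-- Added example. Placed in applicationHost.config, because the
     authentication sections are locked at server level by default.
     "Default Web Site/docs/getdoc.dll" and "DocReaders" are hypothetical. -->
<location path="Default Web Site/docs/getdoc.dll">
  <system.webServer>
    <security>
      <!-- Basic authentication sends the password base64-encoded, not
           encrypted, so refuse plain-HTTP requests to this URL. -->
      <access sslFlags="Ssl" />
      <authentication>
        <!-- Weak default: anonymousAuthentication enabled="true" lets
             anyone who knows the URL fetch a document. -->
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" realm="Document store" />
      </authentication>
      <authorization>
        <!-- Drop the inherited "allow everyone" rule, then allow one group. -->
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" roles="DocReaders" />
      </authorization>
    </security>
  </system.webServer>
</location>
```

This only controls who may call the DLL at all. Whether a given authenticated user may read the particular document requested is still a check for the DLL itself, which can read the caller's name from the `REMOTE_USER` server variable.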

Question has a verified solution.
