Solved

Securing a web application.

Posted on 2012-03-23
3
426 Views
Last Modified: 2012-06-21
Hello,

I have written a little ISAPI dll that reads a document database and returns a document as a PDF by setting the reponse stream to the document.

It is very simple and works fantastically.

However i need to secure it so that not everyone can just type in the url and read a document.

Any suggestions?
0
Comment
Question by:soozh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 167 total points
ID: 37761409
The general design for client authentication is given in this article.  If you're not using PHP, choose the language you like and make a Google search for "[language] client authentication."  A good answer will almost certainly appear in the top one or two pages of search results.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391.html
0
 
LVL 64

Assisted Solution

by:btan
btan earned 166 total points
ID: 37761886
Probably I see it as defense in depth where you harden from network, web and down to data layer. In this case, server hardening is good start like use of iis  and urlscan http://technet.microsoft.com/en-us/library/cc731278(v=ws.10).aspx

Check out url authorization and restrict of isapi
 http://technet.microsoft.com/en-us/library/cc772206(v=ws.10).aspx
 http://technet.microsoft.com/en-us/library/cc730912(v=ws.10).aspx

Overall, owasp cheatsheets are good resource to leverage further hardening of the web codes e.g. defense against force browsing and i see data leakage as a key concerned as well
 https://www.owasp.org/index.php/Cheat_Sheets
0
 
LVL 33

Accepted Solution

by:
shalomc earned 167 total points
ID: 37761919
You can secure it by basic authentication in IIS.
The actual implementation depends on your environment (AD/domain/IIS version), here is how it is done in IIS 6.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/abbca505-6f63-4267-aac1-1ea89d861eb4.mspx?mfr=true
0

Featured Post

Tutorials alone can't teach real engineering

So we built better training tools.

-Hands-on Labs
-Instructor Mentoring
-Scenario-Based Tests
-Dedicated Cloud Servers

All at your fingertips. What are you waiting for?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Ready for our next Course of the Month? Here's what's on tap for June.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question