Security and WebBatch

Keywords:    WebParamData   dumpinputdata   dumperrorlog

---

Question:

Is it possible to secure a Webbatch CGI script so that only a restricted group can call the program.

I am running NT 3.51, IIS 1.0. and am converting to NT 4.0, IIS 3.0.

I have found that if I restrict access to a webbatch subdirectory (not including the anonymous user) The Webbatch script return the following error

        ****************
        D:\scripts\WebBatch\IcisPlatts/plattsSECURE.web

        WebBatch 96K
        WIL Version: 2.3kbn

        ****************

Your help is greatly appreciated.

Answer:

Ummm. Is the user authenticated? If so you can get the userid with WebParamData and then decide what to do.

I would use dumpinputdata and look at the information available from both authorized users and unauthorized users and see if I can tell them apart.

The error message didn't even give a little bit more info ??? Also try looking in the error log (Find the file or try the dumperrorlog trick)

Resolution:

Security problem resolved. Basically, I have been in the process of securing our Intranet Server IIS 3.0 NT 4.0 (sp2). In the process, I had removed the Anonymous Internet Server Access (IUSER_NTServer_Name).

Within the Internet Service Manager I disabled (Allow anonymous) in the Password Authentication section and only allow basic and NTLM.

I made the appropriate security changes to the HTML directory. However, I did not add the local group to the /webcgi/IcisPlatts directory (I thought this change occured but did not). This caused the error message to appear. It could not find the web file , user was authenticated, however did not have access to the webbatch area.

Unfortunately since the error message didn't give much info I didn't spot it right away.

It was an administration problem on my side. Thanks for your help.

---

Article ID:   W12455

Filename:   Security and User Authentication.txt