Database Search
TechHome
 | |
| |
| |
| |
|
- !!NEWSFLASH!!
- CGI Forms to Change NT User Passwords
- Event ID 1000 in Server log
- Executing Webbatch from Browser
- Form Variables Empty
- Is Webbatch an ISAPI product
- ISPs and WebBatch
- LED in WebBatch
- Mail.web Character Limit
- NCSA Log report maker script
- Netscape is attempting to download Webbatch
- ParseData Limitations
- Perflib Performance Data Problem
- Return the Filename Associate with Form Data
- Security and User Authentication
- Variable Name Not Passed by IE6 or IE7
- Webbatch and Printing to Local Printer
- Webbatch and REXX
- WebBatch and Server Platforms Supported
- WebBatch and Windows 2003 Server
- Webbatch on MS Personal Web Server
- WebBatch on Virtual Servers
- WebBatch Security
- WebBatch vs WinBatch
- WebBatch Web Host
- WebParamData Fails with DIV Tag
- WebParamSet and TimeOut Error
- What is WebBatch and How Does It Work
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Security and WebBatch
Keywords: WebParamData dumpinputdata dumperrorlog
Question:
Is it possible to secure a Webbatch CGI script so that only a restricted group can call the program.I am running NT 3.51, IIS 1.0. and am converting to NT 4.0, IIS 3.0.
I have found that if I restrict access to a webbatch subdirectory (not including the anonymous user) The Webbatch script return the following error
****************
D:\scripts\WebBatch\IcisPlatts/plattsSECURE.web
WebBatch 96K
WIL Version: 2.3kbn
****************
Your help is greatly appreciated.
Answer:
Ummm. Is the user authenticated? If so you can get the userid with WebParamData and then decide what to do.I would use dumpinputdata and look at the information available from both authorized users and unauthorized users and see if I can tell them apart.
The error message didn't even give a little bit more info ??? Also try looking in the error log (Find the file or try the dumperrorlog trick)
Resolution:
Security problem resolved. Basically, I have been in the process of securing our Intranet Server IIS 3.0 NT 4.0 (sp2). In the process, I had removed the Anonymous Internet Server Access (IUSER_NTServer_Name).Within the Internet Service Manager I disabled (Allow anonymous) in the Password Authentication section and only allow basic and NTLM.
I made the appropriate security changes to the HTML directory. However, I did not add the local group to the /webcgi/IcisPlatts directory (I thought this change occured but did not). This caused the error message to appear. It could not find the web file , user was authenticated, however did not have access to the webbatch area.
Unfortunately since the error message didn't give much info I didn't spot it right away.
It was an administration problem on my side. Thanks for your help.
Article ID: W12455
Filename: Security and User Authentication.txt
File Created: 1999:04:15:16:47:22
Last Updated: 1999:04:15:16:47:22