[aclug-L] NT Security woes
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Folks,
I confess that in my case "VB programmer" is shorthand for "doesn't have
clue". Nevertheless, even I am slowly learning enough to be frustrated by
the limitations of Windows.
I have just spent several days debugging a problem I have had with NT,
IIS, and SQL server. I have folks logging on to a Web site on NT, the web
page runs code, the code tries to access the SQL server, access is denied.
Access to the database shouldn't be denied, because the code is running as
if it were the user IUSR_machinename, and the user IUSR_machinename has
appropriate privileges on SQL server.
I finally was pointed to an article which explains that impersonation only
works locally. That is to say, IIS can verify across the network that you
are who you claim to be, and it can impersonate you in that it can verify
permissions on local resources, but it can't impersonate you across the
network to get remote resources.
I have three questions, no points for guessing right on the first one:
1. Can Linux/Apache handle this security problem which stumps NT/IIS?
i.e., can Apache authenticate a remote request, and then impersonate the
user making the request for the purpose of getting other resources on the
network?
2. How long has Linux/Apache been able to do this?
3. What are the job prospects for a wayward developer who deep in his
heart wants to reform himself?
Thanks,
-Fritz
---
This is the Air Capitol Linux Users Group discussion list. If you
want to unsubscribe, send the word "unsubscribe" to
aclug-L-request@xxxxxxxxxxxx. If you want to post to the list, send your
message to aclug-L@xxxxxxxxxxxx.
- [aclug-L] NT Security woes,
Karl Juhnke <=
|
|
