|
Focus on Microsoft
w2k server compromised Jan 23 2003 08:16AM Dan Uscatu (duscatu lunatech ro) (4 replies) RE: w2k server compromised Jan 23 2003 10:07PM james leafgrove com (James D Stallard) (1 replies) IIS 5.0 and Digest Authentication Jan 27 2003 02:53PM Sarbjit Singh Gill (ssgill gilltechnologies com) (1 replies) |
|
|
Privacy Statement |
Storing passwords in reversible encryption as I have been told is not a good
Idea. But it is the only way to allow digest authentication on the IIS
server which is safer then basic authentication.
Are you using part of the IIS system that you need authentication on?
Will the challenge/response mechanism of integrated authentication not
suffice?
Dave
Dave Kleiman
dave (at) netmedic (dot) net [email concealed]
www.netmedic.net
-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill (at) gilltechnologies (dot) com [email concealed]]
Sent: Monday, January 27, 2003 09:54
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: IIS 5.0 and Digest Authentication
Greetings,
Just wanted to enquire the following:
On IIS5.0, on a DC(win2k), if we right click the properties of web
page/virtual directory using Internet Service Manager, under the security,
the digest authentication is sometimes greyed out. We may be in native/mixed
mode does not matter.
If you go and set for any one user properties 'store passwd in reversible
encryption' the digest
authentication option may get highlighted. Actually, this is also not true
all the times, as I have
noticed, this security option is on/off from machine to machine i.e DC to
DC.
Kind Regards
Gill
[ reply ]