cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IIS Cosign failure mode - security hole?
Read below correspondence for context. Basically, if IISCosign fails to
load this does not stop IIS from starting. Effectively this means a web
site can be running without cosign protection. In Apache you can set a
directive to prevent the http server from running if a module fails to
load. Does anybody know of an analogue in Windows/IIS that would allow
similar behavior? I'll look into it myself, but if somebody's already done
this it will greatly reduce my search time. :)
--University of Michigan
--IT Central Services
--On Monday, August 30, 2004 10:28 AM -0400 "Townsend, Paul"
> -----Original Message-----
> From: Wesley D Craig [mailto:wes@xxxxxxxxx]
> On 30 Aug 2004, at 09:58, Townsend, Paul wrote:
>> It seems to me that the failure mode should be "nobody gets
>> rather than "everybody gets everything". i.e. if Cosign
> can't find or
>> parse the config file, it should still load into the IIS
> process but
>> block all requests and return an error message.
>> Maybe I'm missing something here. Does the Apache version
> have this
>> behavior? Is there some other setting that I'm unaware of?
> In apache, if you've used cosign-specific commands in the
> config file,
> then apache will not run if the module is not there. One can
> write the
> configuration to test that cosign is loaded before using the
> cosign-specific commands, but that gives you the failure mode
> that you don't want.
IOW, you can set up apache so that it won't run unless the Cosign module
is present. Good.
Anybody have any idea how to do this (or something similar) in IIS?