RE: IIS Cosign failure mode - security hole?

[Jarod Malestein <jarod@xxxxxxxxx>]

Read below correspondence for context.  Basically, if IISCosign fails to 
load this does not stop IIS from starting.  Effectively this means a web 
site can be running without cosign protection.  In Apache you can set a 
directive to prevent the http server from running if a module fails to 
load.  Does anybody know of an analogue in Windows/IIS that would allow 
similar behavior?  I'll look into it myself, but if somebody's already done 
this it will greatly reduce my search time. :)

--Jarod Malestein
--University of Michigan
--IT Central Services


--On Monday, August 30, 2004 10:28 AM -0400 "Townsend, Paul" 
<townsend@xxxxxxxxxxxxx> wrote:

> > -----Original Message-----
> > From: Wesley D Craig [mailto:wes@xxxxxxxxx]
> >
> > On 30 Aug 2004, at 09:58, Townsend, Paul wrote:
> >> It seems to me that the failure mode should be "nobody gets
> > anything"
> >> rather than "everybody gets everything".  i.e. if Cosign
> > can't find or
> >> parse the config file, it should still load into the IIS
> > process but
> >> block all requests and return an error message.
> >>
> >> Maybe I'm missing something here.  Does the Apache version
> > have this
> >> behavior?  Is there some other setting that I'm unaware of?
> >
> > In apache, if you've used cosign-specific commands in the
> > config file,
> > then apache will not run if the module is not there.  One can
> > write the
> > configuration to test that cosign is loaded before using the
> > cosign-specific commands, but that gives you the failure mode
> > that you don't want.
>
> IOW, you can set up apache so that it won't run unless the Cosign module
> is present.  Good.
>
> Anybody have any idea how to do this (or something similar) in IIS?
>
> -Paul