I have searched and read many queries, but few responses to the question -
IIS4, aPerl 5.6
A user browses to www server, triggers perl script. Perl script runs local
NT admin command or perl module against a remote NT server.
1. If authentication method is anon, and anon account has permissions to
   remote server, then perl script receives info. Anybody in the net can
   access all remote servers' administration pages as an administrator.
2. NT C/R - Only selected individuals may browse to page. (good)
   IIS runs perl script with system account and remote server laughs at
   unknown account (bad).
3. Clear text - Only selected individuals may browse to page.
   Someone in internal net (I've caught some already) runs packet capture
   and gets root access to all servers on my network.
4. SSL?
In services applet, one may change the account used to run WWW publishing
service. I assume changing this is bad?
Can apache running on NT help/surpass this problem?
Module that collects user key/sid and uses it to run next perl module?
Jason Harris