locked
Security risks of my Internet zone on Windows Sharepoint Services 3.0 RRS feed

  • Question

  • Hi,

    I recently had problems with the webaccess of my sharepoint environment. Fortunately people offered some good advise and helped me solve my problem. This topic.  

    Now thats done, I'm wondering if someone could give me any advise on security. Is the way I am working at this moment safe enough?

    I have the following settings on the sharepoint central administration:

    1.Zone Internet
    2.Verification type Windows
    3.Annonymous access enabled
    4.integrated Windows Authentication is OFF
    5.Basic verification is on
    6.Client integration is also on.
    The web browser connects to my proxy using https, the internal connection from the proxy to the webserver uses http.

    Note that the basic verification is required in order to have the authentication function well. If i do not use this setting I get loads of popup's due to the reverse proxy settings.

    Thanks in advance!

    Ben

    • Changed type Mike Walsh FIN Tuesday, August 16, 2011 2:35 PM q
    • Moved by Mike Walsh FIN Tuesday, August 16, 2011 2:36 PM This too is an admin question like your other thread (From:SharePoint - General Question and Answers and Discussion (pre-SharePoint 2010))
    Tuesday, August 16, 2011 2:04 PM

Answers

  • Hi  Ben,

     

    Basic authentication should not be considered secure for any particularly rigorous definition of secure. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text across the network. Basic authentication across an SSL(Secure Sockets Layer) connection will be secure, since everything is going to be encrypted, including the username and password .

     

    You can set to use Secure Sockets Layer when creating or extending a web application in the Security Configuration part .

     

    Thanks,


    Entan Ming
    Thursday, August 18, 2011 9:22 AM
    Moderator