
How do I limit editing of web pages?

Status
Not open for further replies.

michko

Programmer
Oct 24, 2002
US
Okay, the person who handles our web site is currently on vacation. I know next to nothing about web hosting or how security is set up on a web site. Here's my problem: it appears that anyone can edit our web site. I can access the site page from any PC (using IE), click on File, and drop down to "edit with Microsoft Word". Click on this, and it opens Word and downloads the web page. I can then edit the page and save it back to the web server. I know this is NOT a good thing. The site is hosted on a PC running WinNT(4) with IIS. I looked through the various security settings, but since I don't know what is correct, I was unable to spot anything glaringly out of the ordinary. Could someone give me an idea of what settings may be changed to correct this problem? Or even links to more information regarding security setup in this situation?
Thanks for your time and assistance.
 
I personally use win xp pro, using IIS 5.0 as the webserver.

I'm not too up on WinNT4, but I would suggest upgrading your computer to either Win 2003 Server (which has IIS6) or Win XP Pro, using NTFS.

The security on WinXP Pro or 2003 Server is great. To prevent external editing of a website, the security of the folder that contains the website needs to be changed to only allow admin write; I don't know how to do that on WinNT4.
 
I'd love to upgrade this one and some other systems we have, but it's not going to happen within our current budget. Any other suggestions?
 
Use NTFS permissions and remove the Write permission for the group Everyone; this will require that you use NTLM authentication.
 
This is what I suggest, basing the settings on WinXP Pro (WinNT4 may have a similar procedure).

Open 'My Computer', then open the drive that has the website on it, then navigate to the folder that has the website. Right-click on the folder, select 'Properties', then select the 'Security' tab, then place a check in the following 'allow' settings (unless otherwise specified):

(NOTE: You must have admin rights to change these settings.)


Administrators..................full control
creator owner...................uncheck all the boxes
[computer name] admins..........List folder contents
[computer name] authors.........List folder contents
[computer name] browsers........List folder contents
SYSTEM..........................Full Control
[user account]..................Modify/Read&Execute/List Folder Contents/Read/Write
Users...........................Read&Execute/List Folder Contents/Read
Web Anonymous...................[deny] Write
Web Applications................[deny] Write

But remember YOU MUST HAVE ADMIN RIGHTS TO CHANGE THESE SETTINGS, and all accounts on the computer must be passworded.
 
usalabs3, while using NTFS permissions can protect the files from editing on a workstation or on a shared folder, anyone who can log on to an NT-based server will be an administrator or part of an administrative group, as the default access permissions do not allow console logon otherwise.

Chris.

Indifference will be the downfall of mankind, but who cares?
A website that proves the cobblers kids adage.
Nightclub counting systems

So long, and thanks for all the fish.
 
Question:
Where is it asking you to save the editable file?

Chances are it's only to your local machine, and not actually allowing changes to be made to the hosted version on the server. Also, in the editing program, you should still only be able to view the HTML source code, not including any ASP (scripting), well, plus all the junk code that MS Word will auto-add to the code. It is normal to be able to view the source code and edit it, but you should not be allowed to save any edited version back to the server. It is possible to block these viewing options, though I forget how, offhand. Unless you don't want people to view the source code, which usually isn't a big deal, you should be OK the way you are. Check to make sure it's only trying to save the page to the local machine (like in My Docs, etc.); if so, you should be OK.

ryandoah
 
Thanks everyone for all the help and suggestions. Usalabs3, you got it, permissions on the folder containing the web site were set to full control for Everyone. I changed permissions iaw your post and everything is back to normal. Thanks again!
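
An audit for the condition that turned out to be the cause in this thread (Everyone holding Full Control on the site folder), as an added example that is not part of any post above. It assumes a Windows version with PowerShell 3.0 or later rather than NT4; the folder path and the anonymous account name `IUSR_WEBSERVER` are placeholders.

```powershell
# Added example (not from the thread): list ACEs that let broad or anonymous
# principals change files under a web root. Path and account are assumptions.
param(
    [string]$WebRoot = 'C:\Inetpub\wwwroot',        # assumed site folder
    [string[]]$ExtraAccounts = @('IUSR_WEBSERVER')  # placeholder anonymous account
)

# Well-known SIDs, so matching does not depend on the display language.
$broadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-32-546'   # BUILTIN\Guests
)

# Rights that allow changing or replacing a page, plus the generic
# GENERIC_WRITE / GENERIC_ALL bits that Get-Acl can return unmapped.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
    $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor $fsr::TakeOwnership)
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Test-RiskyAce($ace) {
    if ($ace.AccessControlType -ne 'Allow') { return $false }
    if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { return $false }
    $name = $ace.IdentityReference.Value
    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $sid = $name }   # unresolvable account: fall back to the raw name
    $extra = $ExtraAccounts | Where-Object { $name -eq $_ -or $name -like "*\$_" }
    return ($broadSids -contains $sid) -or [bool]$extra
}

# Check the root itself and everything below it.
$items = @(Get-Item -LiteralPath $WebRoot) +
         @(Get-ChildItem -LiteralPath $WebRoot -Recurse -Force)
$findings = foreach ($item in $items) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if (Test-RiskyAce $ace) {
            [pscustomobject]@{
                Path = $item.FullName; Identity = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }   # non-zero exit so a scheduled check can alert
```

Rows with `Inherited` set to False show where the permissive entry was actually granted; inherited rows are cleared by fixing that parent folder.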

 