Some users who install Snitz won't understand all the security issues when installing & configuring the system.
To make them more aware of some of the issues, I've got some code that could be inseted into admin_home.asp at line 64:
if strDBType = "access" then
if instr(strConnString, Server.MapPath("snitz_forums_2000.mdb"))> 0 then
Response.Write "<br /><table border=""1"" width=""100%"" bgcolor=""red"">" & vbNewLine & _
"<tr><td align=""center""><font color=""white"" size=""2"">" & _
"<b>WARNING:</b> The location of your access database may not be secure.<br /><br />" & _
"You should consider moving the database from <b>" & Server.MapPath("snitz_forums_2000.mdb") & "</b> to a directory not directly accessable via a URL" & _
" and/or renaming the database to another name." & _
"<br /><br /><i>(After moving or renaming your database, remember to change the strConnString setting in config.asp.)</i>" & _
"</font></td></tr>" & _
"</table><br />"
end if
end if
if strDBType = "sqlserver" then
if instr(lcase(strConnString), ";uid=sa;")> 0 then
Response.Write "<br /><table border=""1"" width=""100%"" bgcolor=""red"">" & vbNewLine & _
"<tr><td align=""center""><font color=""white"" size=""2"">" & _
"<b>WARNING:</b> You are connecting to your MS SQL Server database with the <b>sa</b> user.<br /><br />" & _
"After you have completed your installation, consider creating a new user with lower privileges" & _
" and use that to connect to the database instead." & _
"</font></td></tr>" & _
"</table><br />"
end if
end if
Which would warn them about common things that could be changed in their setup to improve security.
Topic Locked
Posted - 24 August 2002 : 06:24:21
Stop the WAR!
