Hi,

The SqlMembershipProvider does include that functionality to lock out a user after a number of failed login attempts.

Wes

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: March-30-09 6:18 AM
To: [email protected]
Cc: [email protected]
Subject: RE: Sharepoint security concern

Hi Jeremy

That is correct; if they can find out the admin username and password, the damage will be much more significant. Is SSL enough to protect a public-facing SharePoint site? Is there any way we can implement something similar to Windows AD, where when a user has attempted to log in 3 times the account will be automatically locked out?

Regards,
Christian

From: Jeremy Thake <jeremy.th...@rea dify.net>
Sent by: "[email protected]" <[email protected]>
Date: 03/30/2009 01:46 PM
To: [email protected]
Subject: RE: Sharepoint security concern
Please respond to [email protected]

The end users may have access to the web services, but unless their user account has access to update the list item in SharePoint they will not be able to update it.

"providing they can find out the username and password" -> if they can get the admin username and password, they can do significantly more damage via the web user interface.

You can lock down the web services using firewall/ISA rules to just simply block them. Just be wary that SharePoint Designer consumes these to talk to SharePoint.

Cheers,
Jeremy

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Monday, 30 March 2009 1:31 PM
To: [email protected]
Subject: Sharepoint security concern

Hi All,

I am currently working on a public-facing SharePoint site project and am facing a bit of a problem in determining the best way to achieve one of the requirements from the client. The site will be implementing SSL and form-based authentication, and the client has no issue with that proposal; however, they are concerned about web services in SharePoint, as everybody will be able to access the web services and update the list item, providing they can find out the username and password.

Is there any way we can lock down the web services, for example only allow one IP to update the list items, or is there any better way of doing this type of restriction?

Regards,
Chris

=====================================================================
Disclaimer: This message is intended only for the use of the person to whom it is expressly addressed and may contain information that is confidential and legally privileged. If you are not the intended recipient, you are hereby notified that any use, reliance on, reference to, review, disclosure or copying of the message and the information it contains for any purpose is prohibited. If you have received this message in error, please notify the sender by reply e-mail of the misdelivery and delete all its contents. Opinions, conclusions and other information in this message that do not relate to the official business of the Company shall be understood as neither given nor endorsed by it.

--------------------------------------------------------------------------------
Support procedure: http://www.codify.com/lists/support
List address: [email protected]
Subscribe: [email protected]
Unsubscribe: [email protected]
List FAQ: http://www.codify.com/lists/ozmoss
Other lists you might want to join: http://www.codify.com/lists
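The lockout behaviour discussed in this thread (three failed logins, as with Windows AD) maps onto two attributes of the ASP.NET SqlMembershipProvider entry in the web application's web.config. The fragment below is an added example, not configuration posted by anyone on the list; the provider name "FbaMembers" and the connection string name "FbaDb" are assumed names.

```xml
<!-- Added example: membership provider entry for a forms-based authentication site.
     "FbaMembers" and "FbaDb" are assumed names; use the ones your site defines. -->
<system.web>
  <membership>
    <providers>
      <!--
        maxInvalidPasswordAttempts: failed password attempts allowed before
          the account is locked out (the provider default is 5).
        passwordAttemptWindow: number of minutes within which those failed
          attempts must occur to count towards the lockout (default 10).
        passwordFormat="Hashed" with enablePasswordRetrieval="false" keeps
          stored passwords from being recoverable through the provider.
      -->
      <add name="FbaMembers"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FbaDb"
           applicationName="/"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false"
           requiresUniqueEmail="true"
           minRequiredPasswordLength="8"
           minRequiredNonalphanumericCharacters="1"
           maxInvalidPasswordAttempts="3"
           passwordAttemptWindow="10" />
    </providers>
  </membership>
</system.web>
```

A locked-out account stays locked until an administrator calls MembershipUser.UnlockUser(); the provider does not unlock it after a timeout, so plan an unlock procedure alongside the setting.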
