11, 2004 4:15 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
I concur. And frankly, those aren't all that secure to begin
with, so I
don't see it as a huge deal.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr
Inc.
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 8:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
NO, they click on a button that does it for them.
-Original Message-
From: Coleman
PROTECTED]'
Subject:RE: [ActiveDir] MS04-004
Let me ask you this - are they accessing OWA over an SSL connection?
Not that it matters - since you're encapsulating the username and password
as part of the URL, its not secure. IIRC, the URL is NEVER encrypted via
SSL. So, you're passing username
Title: RE: [ActiveDir] MS04-004
Thanks
-Original
Message-
From: Kern, Tom
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004
4:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MS04-004
It works via FTPing thru
IE and entering a username/password in the dialog
NO, they click on a button that does it for them.
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 5:30 PM
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] MS04-004
So your users can remember to type
http://username
Title: RE: [ActiveDir] MS04-004
Anyone know if this also applies to ftp connections too. On the SMS list one guy says it does and others say it doesn't? I haven't deployed the patch yet but plan on doing it soon.
Mike
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL
Title: RE: [ActiveDir] MS04-004
According to russ cooper on ntbugtraq, it
does.
-Original Message-
From: Celone, Mike
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004
3:36 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
Anyone know if this also
According to KB834489
(http://support.microsoft.com/default.aspx?scid=kb;en-us;834489), it only
applies to HTTP/HTTPS
Hunter
From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 1:36 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir
Is there anyway to permit the basic authentication after it is installed?
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 3:47 PM
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] MS04-004
According to KB834489
(http
so does this have any affect on the dialog box IE shows you for basic auth? does that
still work?
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 3:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
Is there anyway
11, 2004 1:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
Is there anyway to permit the basic authentication after it is installed?
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 3:47 PM
To: '[EMAIL
Title: RE: [ActiveDir] MS04-004
If it applies to ftp they how are people going to FTP?
-Original
Message-
From: Kern, Tom
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004
3:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MS04-004
According to russ cooper
PROTECTED]
Subject:RE: [ActiveDir] MS04-004
so does this have any affect on the dialog box IE shows you for basic auth?
does that still work?
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 3:49 PM
To: '[EMAIL PROTECTED
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, February 11, 2004 3:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MS04-004
so does this have any affect on the dialog box IE shows you for basic
auth? does that still work
Celone, Mike wrote:
Anyone know if this also applies to ftp connections too. On the SMS
list one guy says it does and others say it doesn't? I haven't deployed
the patch yet but plan on doing it soon.
It doesn't affect FTP
--
Tomasz Onyszko [MVP]- [EMAIL PROTECTED]
http://www.w2k.pl
List
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 4:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
It should only affect URLs that embed user names and
passwords. Otherwise, I
don't see anything that would bugger up basic authentication.
But let us
know what you
.
-Original Message-From: Salandra, Justin
A. [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 11,
2004 4:06 PMTo: '[EMAIL PROTECTED]'Subject:
RE: [ActiveDir] MS04-004
If it
applies to ftp they how are people going to
FTP?
-Original
Message-From
Salandra, Justin A. wrote:
Is there anyway to permit the basic authentication after it is installed?
This patch doesn't remove support but its give You a decison, You want
or You don't want to use URLS in http(s)://user:[EMAIL PROTECTED] This
is well described in KB834489
just finished testing it.
it works fine with the dialog box.
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 4:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
It should only affect URLs that embed user names
Salandra, Justin A. wrote:
If it applies to ftp they how are people going to FTP?
If You don't supply user credentials in FTP url IE simply show You a
window where You can enter You username and password.
MS04-004 blocks only specific URL synatax, not basic authentication at all.
--
Tomasz
Title: RE: [ActiveDir] MS04-004
It works via FTPing
thru IE and entering a username/password in the dialog box.
-Original Message-
From: Salandra, Justin A.
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004
4:06 PM
To: '[EMAIL PROTECTED]'
Subject: RE
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] MS04-004
I concur. And frankly, those aren't all that secure to begin with, so I
don't see it as a huge deal.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis
: Wednesday, February 11, 2004 2:38 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
Until we can do it another way it is a huge deal here at my company with
over hundreds of people accessing Outlook Web Access this way from home or
remote locations.
-Original Message-
From
PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-004
I concur. And frankly, those aren't all that secure to begin with, so I
don't see it as a huge deal.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis
24 matches
Mail list logo
