none
Sharepoint Configuration - Information Disclosure? RRS feed

  • Question

  • I'm a sharepoint developer and recently detected that the site i've developed has an security issue related to configuration information disclosure.
    In a public anonymous web site, unauthorized users can access to /_layouts/enhancedsearch.aspx.
    This is true for any MOSS public web site.
    e.g: http://sharepoint.microsoft.com/_layouts/enhancedsearch.aspx

    With this behaviour, an anonymous user can see the enhanced search configuration. This is the expected behaviour, or a WSS/MOSS security issue?

    • Moved by Mike Walsh FIN Monday, June 29, 2009 9:37 AM admin q (From:SharePoint - Design and Customization)
    Monday, June 29, 2009 8:54 AM

Answers

  • If you give anonymous access to the entire site, some system pages may be visible. Not sure what your application is, but have you looked at the Community Kit for SharePoint? This CodePlex project has solved many of these issues.

    Scot

    Monday, June 29, 2009 12:27 PM

All replies