SP 2010发布网站匿名访问 [英] SP 2010 publishing site anonymous access
问题描述
您好,
我有一个向公众开放的SP 2010门户网站 - 发布网站。整个站点都启用了匿名访问。
有一个自定义主服务器,用户可以查看已发布的应用程序页面。
在应用程序页面上,他可以看到存储在库中的文档(指向该文档的链接)。
但是,如果用户编写了适当的URL(http://server_name/myList/AllItems.aspx),他就能看到整个文档库的内容。
他可以看到整个网站的内容,每个文档库的内容等。
好的,他只能看到它们,不要编辑它们,但那不行。这是安全隐患吗?而且我认为它不符合GDPR。
Hello Mario,
添加位置web.config中的标记,并指定要限制未经身份验证的用户访问的路径如下。
================ ================================================== ====
< location path =" / _ layouts / viewlsts.aspx">
&NBSP; &NBSP; < system.web>
&NBSP; &NBSP; &NBSP; <授权>
&NBSP; &NBSP; &NBSP; &NBSP; < deny users ="?" />
&NBSP; &NBSP; &NBSP; < / authorization>
&NBSP; &NBSP; < /system.web>
&NBSP; < / location>
< location path =" /Forms/AllItems.aspx">
&NBSP; &NBSP; < system.web>
&NBSP; &NBSP; &NBSP; <授权>
&NBSP; &NBSP; &NBSP; &NBSP; < deny users ="?" />
&NBSP; &NBSP; &NBSP; < / authorization>
&NBSP; &NBSP; < /system.web>
&NBSP; < /地点>
=========================================== ==========================
Hello,
I have one SP 2010 portal which is open to public - publishing site. Anonymous access is enabled on entire site.
There is a custom master and user is allowed to see application pages which are published.
On application pages, he can see documents which are stored in libraries (links to that documents).
But, if user writes appropriate URL (http://server_name/myList/AllItems.aspx), he is able to see the contents of entire document library.
He can see contents of entire site, contents of every document library, etc.
Ok, he can only see them, not edit them, but that is not ok. This is security risk isn't it? And it is not GDPR compliant I would say.
Hello Mario,
Add Location tag in web.config and specify the path which you want to restrict the access from unauthenticated users is as follows.
======================================================================
<location path="/_layouts/viewlsts.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="/Forms/AllItems.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>=====================================================================
这篇关于SP 2010发布网站匿名访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!