Sharepoint Security
Hello, I would like to hear feedback from the community regarding Sharepoint's security. We are planning a Sharepoint Site for a client that will be accessible from the net and we want to make sure it's as secure as possible. We are planning to take the following precautions: 1. We are using HTTPS with 2048 bit key to access the site 2. We have a warning message to user warning them about shoulder surfers 3. We have an internet facing router so only HTTPS 443 is open 4. We require strong passwords backed up by GP's My questions are as follows: Is there any known SQL injection that target Sharepoint DB's? (We are not using SQL Server but rather the bundled SQL Express) What other security risks should I look out for? We have a public site with anonymous access and when users log in the internal site links appear based on permissions. Is this secure or it it better to have two separate sites? Tks, Nakie Naki K. / Falcon IT Services
May 25th, 2011 10:58pm

As always use the latest SPs and CUs. There are a number of ecommerce sites using SharePoint like Hawaiian Airlines. However, the over all security of SharePoint is in your design. Though you can mix authenticated and anonymous users unless its being used only content thats supposed to published to the internet why would you?? Use FBA in SP2007. I think you may mean passwords are enforced by GPOs... -Ivan Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2011 4:22am

As always use the latest SPs and CUs. There are a number of ecommerce sites using SharePoint like Hawaiian Airlines. However, the over all security of SharePoint is in your design. Though you can mix authenticated and anonymous users unless its being used only content thats supposed to published to the internet why would you?? Use FBA in SP2007 and Claims Authentication for SP2010. I think you may mean passwords are enforced by GPOs... -Ivan Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
June 19th, 2011 4:23am

Hi, Please let us know if the replies were helpful or your question was answered and if the issue has beeen resoleved so we can close the post. -IvanIvan Sanders My LinkedIn Profile, My Blog, @iasanders.
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2011 3:29am

Hi, Please let us know if the replies were helpful or your question was answered and if the issue has beeen resoleved so we can close the post. -IvanIvan Sanders My LinkedIn Profile, My Blog, @iasanders.
July 3rd, 2011 3:29am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics