How secure is IIS security on webpages?

  Sir Radfordin 23:42 03 Feb 2005

I need to restrict access to some webpages on a 1&1 webserver (Windows/ASP) This can be done through the control panel and when you try and access the files within the protected folder you are prompted for the username and password. Just wondered how secure this really is?

Obviously it isn't a https:// connection so the traffic won't be encrypted (not a major problem as it is more about restricing access rather than for sensitive data) but would it be easy to crack?

  Sir Radfordin 14:20 04 Feb 2005

The sign in screen is a Windows one that I've seen on other systems so am fairly happy that it works. You get a normal IIS error page when you put the wrong username/password in.

Cached passwords will always be a problem even on secure systems with HTTPS:// pages so not going to worry about that.

It is going to be a fairly select group of people accessing the pages so again that shouldn't be a problem. Just wanted to know if you did something like pressing shift+esc whilst standing on your head it would let you in!

  Forum Editor 17:18 04 Feb 2005

you'll enjoy better protection if you employ strong passwords.

I'm sure you know this, but any password can be cracked in time - the simpler the word, the easier it is to crack. Password crackers almost always operate by looking for dictionary words, or words which resemble dictionary words, so alpha-numeric passwords are far stronger.

For instance - sirradfordin would be cracked fairly rapidly, but 3irr4df0rd1n would be almost impossible using normal methods. Use alpha-numerics and your folders will be very well protected - certaionly as far as your restricted access requirement is concerned.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

Illustrator Charles Williams on how to create magazines and book covers

iMac Pro review

Les meilleures prises CPL (2018)