Showing posts with label Sharepoint 2007. Show all posts

Thursday, April 5, 2012

SharePoint prompts user for credentials (login/password)


In MOSS, I found this could be due to the following reasons:
  1. Improper authentication is configured in IIS for the web app. In this case, use integrated authentication.
  2. It may be due to proxy settings (if you are using a proxy server on the intranet). In this case, in IE go to Tools --> Internet Options --> Connections --> LAN settings --> Advanced --> Exceptions and add the site there.
  3. You have sync set up between MySite or lists and Outlook. In this case, remove it from your Outlook profile.
  4. IE is unable to authenticate the user when IE 7 or 8 is used with SP 2007. To fix that, follow these steps:
  • Go to Internet Options -> Security tab.
  • Select the Trusted sites zone -> click Sites -> add the SP site to Trusted Sites (http://*.yourdomain).
  • Then check the settings under Custom Level (for trusted sites): scroll to the bottom and look at the security settings for User Authentication. Make sure it is set to "Automatic logon with current user name and password".
  • Click OK and OK again. Restart IE and try your site.
If SharePoint prompts when opening Office documents, try this registry change:
  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  3. On the Edit menu, point to New, and then click Multi-String Value.
  4. Type AuthForwardServerList, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. In the Value data box, type the following: http://*.yourdomain
  7. Exit Registry Editor.
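
The same registry change scripted in PowerShell, as an added example that is not part of the original post. It keeps any entries already in the list; `http://*.yourdomain` is the page's placeholder, and restarting the WebClient service afterwards is an assumption of this example, not a step from the post.

```powershell
# Added example: run from an elevated PowerShell prompt on the client machine.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\WebClient\Parameters'
$name  = 'AuthForwardServerList'
$entry = 'http://*.yourdomain'   # placeholder from the post; use your own pattern

# WebClient forwards the user's credentials to every server that matches an
# entry in this list, so keep each pattern as narrow as your environment allows.

# Read the current multi-string value (if any) so existing entries are preserved.
$current = @(
    (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name |
        Where-Object { $_ }
)

if ($current -contains $entry) {
    Write-Output "$entry is already present in $name; nothing to change."
}
else {
    $updated = [string[]]($current + $entry)

    # -Force creates the value or overwrites it; MultiString matches step 3 (REG_MULTI_SZ).
    New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
        -Value $updated -Force | Out-Null

    # Assumption: the service reads this list when it starts, so restart it.
    Restart-Service -Name WebClient
}

# Show the resulting list for review.
(Get-ItemProperty -Path $key -Name $name).$name
```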

Thursday, March 29, 2012

Protect SharePoint from Framesniffing Attack


What is Framesniffing attack?
The Framesniffing technique uses an HTML iframe to load a target website inside of an attacker’s webpage. All web browsers have security restrictions that prevent a webpage from directly reading the contents of pages loaded in frames. However, this attack bypasses those measures, allowing a malicious webpage to read certain pieces of information about the structure of a framed page, by using anchor elements.

How does it affect SharePoint?
Even though SharePoint is accessible on the internal network, it is still loaded in a web browser. By default, SharePoint 2007 and 2010 do not send the X-Frame-Options header. This means that any website that knows the URL of an organisation’s SharePoint can load it in an iframe. This attack works by checking for anchors on search result pages.

Watch this demo of how Framesniffing works with SharePoint: http://www.contextis.co.uk/research/blog/framesniffing/

The video shows an attacker extracting sensitive information from a fictional corporate SharePoint installation. The attacker then searches the server to discover crucial information about an upcoming acquisition. To achieve this, the attacker first lures a user with access to the SharePoint server to a malicious web page. While the user is viewing the page, the attacker uses Framesniffing to infer information from the SharePoint server through the user's web browser.

What does Microsoft say about this vulnerability?
“We have concluded our investigation and determined that this is by-design in current versions of SharePoint. We are working to set the X-Frame options in the next version of SharePoint”.

How to protect SharePoint against Framesniffing?
Websites can protect themselves against Framesniffing attacks by sending the X-Frame-Options HTTP header. Protecting SharePoint from this attack is a simple matter of adding the X-Frame-Options header.
The following steps describe how to add the custom header in IIS7. SharePoint is used as the example, but the instructions will work for any site:
  1. Open IIS Manager (Run > InetMgr)
  2. In the left pane, navigate to the relevant web site (SharePoint – 80)
  3. In the right pane, select ‘Features View’ at the lower left corner
  4. Double-click the ‘HTTP Response Headers’ icon
  5. Click the ‘Add…’ link in the right pane
  6. Enter ‘X-Frame-Options’ in the name field and ‘SAMEORIGIN’ in the value field. Hit OK.
Note – This setting prevents SharePoint from being opened in a frame from another origin, so it could break SharePoint in some setups, for example if another intranet application uses SharePoint via a frame. Be sure to test this change before putting it into production.
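
The same header set from PowerShell and then checked on live responses, as an added example rather than code from the original post. It assumes the WebAdministration module is available on the IIS server; the site name and the URLs (including the search results page) are placeholders to replace with your own.

```powershell
# Added example: run elevated on the IIS server.
Import-Module WebAdministration

$site   = 'SharePoint - 80'      # use the exact site name shown in IIS Manager
$psPath = "IIS:\Sites\$site"
$filter = 'system.webServer/httpProtocol/customHeaders'
$header = 'X-Frame-Options'
$value  = 'SAMEORIGIN'

# Look for an existing entry so the header is never added twice.
$existing = Get-WebConfigurationProperty -PSPath $psPath `
    -Filter "$filter/add[@name='$header']" -Name 'value' -ErrorAction SilentlyContinue

if ($existing) {
    Set-WebConfigurationProperty -PSPath $psPath `
        -Filter "$filter/add[@name='$header']" -Name 'value' -Value $value
}
else {
    Add-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name '.' `
        -Value @{ name = $header; value = $value }
}

# Verify on real responses. The attack reads search result pages, so include one.
# Placeholder URLs: replace the host and paths with pages from your own farm.
$urls = @(
    'http://sharepoint.example.local/',
    'http://sharepoint.example.local/_layouts/OSSSearchResults.aspx?k=test'
)

foreach ($url in $urls) {
    $req = [System.Net.WebRequest]::Create($url)
    $req.UseDefaultCredentials = $true      # integrated authentication
    try {
        $resp = $req.GetResponse()
        $xfo  = $resp.Headers[$header]
        $resp.Close()
        if ($xfo -eq $value) { Write-Output "OK       $url" }
        else { Write-Warning "Header missing or unexpected ('$xfo') on $url" }
    }
    catch {
        Write-Warning "Request failed for ${url}: $($_.Exception.Message)"
    }
}
```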

Browser Protection against Framesniffing Attacks
Users of the Firefox browser are already protected against Framesniffing. However, the latest versions of Internet Explorer, Chrome and Safari are still vulnerable to these attacks.

Thursday, March 1, 2012

CU for MOSS 2007 and WSS 3.0

Check out the new updates (Feb 2012 CU) for MOSS 2007 and WSS 3.0.

Microsoft Office SharePoint Server 2007

Feb 2012 CU
Version: 12.0.6658.5000
Link: 2597958
  
WSS 3.0
Feb 2012 CU
Version: 12.0.6658.5000
Link: 2597959