Posts Tagged ‘feature’
ViewFormPagesLockDown Does not Kick In
Hardening your internet-facing MOSS installation is essential to avoid attacks. Check out Microsoft’s excellent guide which takes you through most of the steps required to shield your portal against intruders.
However, if your portal wasn’t born as a publishing portal, all anonymous users will have access to AllItems.aspx, DispForm.aspx and other pages that you probably don’t want outside users to see. For instance, you may have created a newsletter signup web part which posts data to a list (using elevation). In time, the list fills up with more or less sensitive information about your newsletter subscribers and you probably don’t want this information to end up in the wrong hands.
Unfortunately, it is quite easy for someone with just a litte SharePoint experience to guess the path to e.g. the AllItems.aspx page of a SharePoint list:
And if your portal is not locked down, all list items will be there for the taking.
ViewFormPagesLockDown
Stsadm comes to the rescue yet again. To activate the lockdown, simply run this stsadm command:
stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml
If you get the “Operation completed successfully”-message, you’re in business.
Well, almost…
The final step
You’ll probably find that the new feature still hasn’t kicked in. Fear not, you simply need to deactivate and reactivate anonymous access on the portal.
