Storing ASP Pages in Windows SharePoint Services Document Library May Expose Sensitive Information (830980)


The information in this article applies to:

  • Microsoft Windows SharePoint Services
  • Microsoft Office SharePoint Portal Server 2003

SUMMARY

If you add an Active Server Pages (ASP) page to a Microsoft Windows SharePoint Services document library, you may make sensitive information available to all users with access to the document library.

MORE INFORMATION

Documents that you add to a Windows SharePoint Services document library can be opened by any text editor and the documents' contents can be viewed. ASP pages may store sensitive information such as logon identities and the corresponding passwords for these identities. Therefore, if you add an ASP page to a Windows SharePoint Services document library, all users who have access this document library can also view the whole contents of the ASP page.

Microsoft recommends that you do not use a Windows SharePoint Services document library in this manner. If you must reference an ASP page from a document library, do so only through a hyperlink on a page that is stored in the document library. More architecture information is available in the Microsoft Windows SharePoint Services Administrators Guide.

For more information about how to install, configure, and administer Windows SharePoint Services, see the Microsoft Windows SharePoint Services Administrator's Guide. To view the Microsoft Windows SharePoint Services Administrator's Guide, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/technologies/sharepoint/default.mspx

Modification Type:MinorLast Reviewed:1/9/2006
Keywords:kbweb kbinfo KB830980 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.