Microsoft KB Archive/830980

= Storing ASP pages in Windows SharePoint Services document library may expose sensitive information =

Article ID: 830980

Article Last Modified on 9/26/2007

-

APPLIES TO


 * Microsoft Office SharePoint Server 2007
 * Microsoft Office SharePoint Portal Server 2003
 * Microsoft Windows SharePoint Services

-



SUMMARY
If you add an Active Server Pages (ASP) page to a Microsoft Windows SharePoint Services document library, you may make sensitive information available to all users who have access to the document library.



MORE INFORMATION
Documents that you add to a Windows SharePoint Services document library can be opened by any text editor and the documents' contents can be viewed. ASP pages may store sensitive information such as logon identities and the corresponding passwords for these identities. Therefore, if you add an ASP page to a Windows SharePoint Services document library, all users who have access this document library can also view the whole contents of the ASP page.

We recommend that you do not use a Windows SharePoint Services document library in this manner. If you must reference an ASP page from a document library, do so only through a hyperlink on a page that is stored in the document library. More architecture information is available in the Microsoft Windows SharePoint Services Administrators Guide.

For more information about how to install, to configure, and to administer Windows SharePoint Services, see the Microsoft Windows SharePoint Services Administrator's Guide. To do this, visit the following Microsoft Web site:

http://technet.microsoft.com/windowsserver/sharepoint/default.aspx

For more information about how to install, to configure, and to administer Microsoft Windows SharePoint Services 3.0, visit the following Microsoft Web site:

http://technet2.microsoft.com/windowsserver/WSS/en/library/b9490b1a-45de-45fd-9f4c-754dab1383e61033.mspx

Additional query words: WSS FP UDC WSSv3 MOSS2007

Keywords: kbinfo kbweb KB830980

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.