Page 1 of 1
File server search description permissions
Posted: Wed May 24, 2006 9:53 am
by KevB
I've just created a new walk on a file server. When I do a "live search" for a keyword in a test document which my current username does not have permissions to, it still shows the document as a response, as well as the first couple lines of text. I was under the impression that the search should not respond with a document which you do not have access to. Some documents can contain sensitive information in the first couple lines of text, so this is a huge concern for us. Is there a setting I'm missing? The file is on a Windows 2003 server. Thanks in advance for any help.
File server search description permissions
Posted: Wed May 24, 2006 10:35 am
by mark
Do you have result authorization turned on in the search settings?
File server search description permissions
Posted: Thu Jun 01, 2006 2:59 pm
by KevB
I did not have the Authorization Method turned on. I went into the search settings and selected Basic/NTLM/file - prompt via form. However, now when I try a test search and enter my username and password I receive a blank results screen? Also, what type of authentication does it use, the basic or the ntlm? If we are going to use the authentication feature, should it be over https? Thanks for the help.
File server search description permissions
Posted: Thu Jun 01, 2006 5:26 pm
by mark
Completely blank, or a normal search result page minus any result items? If no results click Logout and try again making sure to type the password correctly and that you're allowed to see some of the resulting files. You could use the Login Verification URL to distinguish empty results due to a bad password vs empty results due to not allowed to see any of the results.
It will use either basic or ntlm depending on what the backend requires. You can do it over https or not.
File server search description permissions
Posted: Fri Jun 02, 2006 11:38 am
by KevB
The search returns a normal search results page stating that "No documents match the query." I do have permissions to these specific documents. The files were returned using the same search term before turning on authentication. I tried authenticating using the format domain\username and just username. I'm new to this device, so I'm not sure how to setup the login verification url? Just as a side note, we use a minimum lm compatibility level of 3 on all clients. Could this cause the authentication not to work? Thanks again