There are a couple of configuration changes that you can make to your iShare installation to ensure that security is really locked down. In recent versions of iShare (v5.2 onwards) some or all of these should be applied by default but they can also be manually applied to earlier versions.
...
This is configured via Internet Information Services (IIS).
IIS 7
In IIS7, in the Features View for your iShare site, click on Directory Browsing and ensure this is disabled.
IIS 6
In IIS6, navigate to the Home Directory tab for your iShare site and ensure that the Directory browsing tick box is un-ticked.
Switch off debug mode and custom errors in iShare web.config
...
Find the line <customErrors mode /> and ensure that this is set to “RemoteOnly” (line 28 in the example screenshot below).
Then find the line <compilation defaultLanguage=”c#” and ensure that debug is set to “false” (line 76 in the screenshot below).
