iShare Security

There are a couple of configuration changes that you can make to your iShare installation to ensure that security is really locked down. In recent versions of iShare (v5.2 onwards) some or all of these should be applied by default but they can also be manually applied to earlier versions.

The following steps relate to iShare Web [iShare Maps] but could equally be applied to iShare Web Services, and iShare GIS.

Switch off Directory browsing in the iShare directories

This is configured via Internet Information Services (IIS).

IIS 7

In IIS7, in the Features View for your iShare site, click on Directory Browsing and ensure this is disabled.

IIS 6

In IIS6, navigate to the Home Directory tab for your iShare site and ensure that the Directory browsing tick box is un-ticked.

Switch off debug mode and custom errors in iShare web.config

Navigate to the iShare Web directory and open the file web.config with a text editor. You might wish to take a backup of this file before editing it!

You will need to restart the iShare Web application pools for these changes to be propagated.

Find the line <customErrors mode /> and ensure that this is set to “RemoteOnly” (line 28 in the example screenshot below).

Then find the line <compilation defaultLanguage=”c#” and ensure that debug is set to false (line 76 in the screenshot below).