Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / IIS / IIS Security / February 2006

Tip: Looking for answers? Try searching our database.

file system object

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
jasminess - 22 Feb 2006 14:49 GMT
hello. i disabled the file system object for my iis 6. but i have a search
code for my site  written by asp that uses the fso.
if  i enable fso,  other users who upload their files by ftp to server read
others files, server's system info, drives etc.
how can stop this. can i enable fso for some spesific users?

Reply to this Message
Ken Schaefer - 23 Feb 2006 01:34 GMT
You could set NTFS permissions so that only some users can access the
scrrun.dll file

Or you could set NTFS permssions on all the content so that only the
properly authorised users can read it using the FSO

Cheers
Ken

: hello. i disabled the file system object for my iis 6. but i have a search
: code for my site  written by asp that uses the fso.
: if  i enable fso,  other users who upload their files by ftp to server read
: others files, server's system info, drives etc.
: how can stop this. can i enable fso for some spesific users?
Reply to this Message
jasminess - 23 Feb 2006 14:58 GMT
i have a few web site which users upload  files by ftp. and everyone has
execute access for asp.
if someone upload such that code and gets my system info how can i stop
this.? i have a search page with asp code .if i disable fso my search page
doesnt work
is tehere a way to accomplish this without disabling the fso.

> You could set NTFS permissions so that only some users can access the
> scrrun.dll file
[quoted text clipped - 12 lines]
> : others files, server's system info, drives etc.
> : how can stop this. can i enable fso for some spesific users?
Reply to this Message
Daniel Crichton - 23 Feb 2006 16:59 GMT
jasminess wrote  on Thu, 23 Feb 2006 16:59:00 +0200:

> i have a few web site which users upload  files by ftp. and everyone has
> execute access for asp.
> if someone upload such that code and gets my system info how can i stop
> this.? i have a search page with asp code .if i disable fso my search page
> doesnt work
> is tehere a way to accomplish this without disabling the fso.

Run each site under a different user account. Only allow each account access
to the directories/files for that site.

Dan
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2010 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.