RE: write permissions for IIS

From: busu (busu@tpg.com.au)
Date: 03/19/03

    From: "busu" <busu@tpg.com.au>
    To: <focus-ms@securityfocus.com>
    Date: Wed, 19 Mar 2003 20:17:41 +1100
    
    

    Hi,

    I am looking to configure ISA server in reverse proxy configuration.
    Any pointers for configuration file? Also any specific lockdown of OS
    and IIS on ISA server? Thank you
    cb


    -----Original Message-----
    From: Deus, Attonbitus [mailto:Thor@HammerofGod.com]
    Sent: Thursday, 18 July 2002 4:40 AM
    To: Matej Pfajfar; focus-ms@securityfocus.com
    Subject: Re: write permissions for IIS


    At 05:02 AM 7/17/2002, Matej Pfajfar wrote:

    >Hi,
    >
    >A web application that my company is developing needs to create MS Word
    >documents on the fly. It seems that these need to be saved onto disk
    >before being shoved down the pipe to the browser, which requires IIS to be
    >given write permissions to a directory that is readable from the web.
    >
    >I know this isn't quite right for security but it seems that there isn't a
    >choice - are there any extra precautions we could take? Have other people
    >found this problem as well?

    Depending on the web application configuration pooling, you could set up a
    COM+ component in Component Services to run under the context of a specific
    user - this user/process could be given write-only access to the doc
    directory but not read or execute. The IUSR account could then be given
    read-only access (specifically denying write and execute) to it to mitigate
    possible permission abuse. I think it would take some tweaking, but it is
    doable.

    AD

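The permission split suggested in the reply above, sketched in PowerShell as an added example that is not part of the thread or of any poster's configuration. The directory path, both account names, the helper function names, and the choice to keep Administrators and SYSTEM on the ACL are assumptions made for illustration.

```powershell
# Added example. Every name below is a constructed placeholder, not from the thread.
$DocDir  = 'D:\GeneratedDocs'      # assumed web-readable output directory
$Writer  = 'WEBSRV\DocWriter'      # assumed identity of the COM+ application
$WebAnon = 'WEBSRV\IUSR_WEBSRV'    # assumed IIS anonymous (IUSR) account

function New-DirRule([string]$Identity, [string]$Rights, [string]$Type) {
    # ACE that applies to the folder, its subfolders and its files
    $ctorArgs = $Identity, $Rights, 'ContainerInherit,ObjectInherit', 'None', $Type
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ctorArgs
}

function Set-DocDirAcl([string]$Path, [string]$WriterId, [string]$AnonId) {
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
    $acl.Access | Where-Object { -not $_.IsInherited } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }   # clear old explicit ACEs
    $rules = @(
        # Assumption: administrators and SYSTEM keep control so the folder stays manageable
        (New-DirRule 'BUILTIN\Administrators' 'FullControl' 'Allow'),
        (New-DirRule 'NT AUTHORITY\SYSTEM' 'FullControl' 'Allow'),
        (New-DirRule $WriterId 'Write' 'Allow'),            # write-only: no read, no execute
        (New-DirRule $AnonId 'Read' 'Allow'),               # read-only for the web account
        (New-DirRule $AnonId 'Write, ExecuteFile' 'Deny')   # explicit deny of write and execute
    )
    $rules | ForEach-Object { $acl.AddAccessRule($_) }
    Set-Acl -Path $Path -AclObject $acl
}

function Test-DocDirAcl([string]$Path, [string]$WriterId, [string]$AnonId) {
    # Emits one finding per Allow ACE that contradicts the intended split
    $fsr   = [System.Security.AccessControl.FileSystemRights]
    $write = [int]$fsr::WriteData -bor [int]$fsr::AppendData
    $read  = [int]$fsr::ReadData
    $exec  = [int]$fsr::ExecuteFile
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id     = $ace.IdentityReference.Value
        $rights = [int]$ace.FileSystemRights
        if ($id -eq $AnonId -and ($rights -band ($write -bor $exec)) -ne 0) {
            "FAIL: $id is allowed write or execute ($($ace.FileSystemRights))"
        }
        if ($id -eq $WriterId -and ($rights -band ($read -bor $exec)) -ne 0) {
            "FAIL: $id is allowed read or execute ($($ace.FileSystemRights))"
        }
    }
}

Set-DocDirAcl  -Path $DocDir -WriterId $Writer -AnonId $WebAnon
Test-DocDirAcl -Path $DocDir -WriterId $Writer -AnonId $WebAnon   # no output: split holds
```

Run it from an elevated session; Test-DocDirAcl only inspects ACEs that name the two accounts directly, so rights granted through group membership need a separate review.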
