RE: write permissions for IIS

From: busu (
Date: 03/19/03

  • Next message: lassal: "RE: write permissions for IIS"
    From: "busu" <>
    To: <>
    Date: Wed, 19 Mar 2003 20:17:41 +1100


    I am looking to configure ISA server in reverse proxy configuration.
    Any pointers for configuration file? Also any specific lockdown of OS
    and IIS on ISA server? Thank you

    This mailbox protected from junk email by Matador
    from MailFrontier, Inc.

    -----Original Message-----
    From: Deus, Attonbitus []
    Sent: Thursday, 18 July 2002 4:40 AM
    To: Matej Pfajfar;
    Subject: Re: write permissions for IIS

    Hash: SHA1

    At 05:02 AM 7/17/2002, Matej Pfajfar wrote:

    >A web application that my company is developing needs to create MS Word
    >documents on the fly. It seems that these need to be saved onto disk
    >before being shoved down the pipe to the browser, which requires IIS to
    >given write permissions to a directorz that is readable from the web.
    >I know this isn't quite right for security but it seems that there
    isn't a
    >choice - are there any extra precautions we could take? Have other
    >found this problem as well?

    Depending on the web application configuration pooling, you could set up
    COM+ component in Component Services to run under the context of a
    user- this user/process could be given write-only access to the doc
    directory but not read or execute. The IUSR account could then be given

    read-only access (specifically denying write and execute) to it to
    possible permission abuse. I think it would take some tweaking, but it


    Version: PGP 7.1

    -----END PGP SIGNATURE-----

    ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data!
    It's as simple as placing additional SQL commands into a Web Form input
    box giving hackers complete access to all your backend systems!

  • Next message: lassal: "RE: write permissions for IIS"

    Relevant Pages

    • Re: isa and sql
      ... This articule is the one that I used to get throug the configuration ( ... The port 1433 tcp is configured, and I see it at the log of the isa ... I'm sure that the problen recide at the redirection of the isa to the sql ... I used the sql client from the isa server and I could connect, ...
    • ISA server on single server?
      ... If I have only one machine that will run all my apps -- Exchange, SQL, IIS, ... can I take advantage of ISA server for security? ...
    • Re: Sharepoint IIS settings gone
      ... Sharepoint stores documents within SQL database, ... Are you sure your IIS settings are gone? ... IIS backups up the present ... "backup/restore configuration" under the actions menu. ...
    • Re: DCOM calls fails - access denied
      ... That's exactly how I understood the ASP.NET security. ... But why does one configuration work but not the other? ... should get the token from IIS. ... If you set there a domain account, ...
    • Re: WCF webservice over SSL and without
      ... encryption/signature is handled by SOAP instead of HTTP (IIS) and should be ... I'm assuming there's some point of endpoint configuration I need to do. ... Are you going to use SSL over Http(the most common and convenient ... Microsoft MSDN Online Support Lead ...