fatal security problem
From: Mike Schwarz (firstname.lastname@example.org)
- Next message: JD: "Re: WindowsPrincipal & m_roles"
- Previous message: Kipp Hawley: "Re: How to export an RSA public key blob"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mike Schwarz" <email@example.com> Date: Thu, 10 Oct 2002 20:00:12 +0200
i have framwork and sp2 installed
win2000 , ii5, sp3
i changed the user in config file process modell to user aspnet
with appropriate password
aspnet user is member of usergroup 'domain user' like the IUSR_machine
i have now a script which is able to browser all my web!
as aspnet user needs read/write permission to certain system folders, i can
even browse through this folders and open ASP files, which are not executed
but shown as code! so conx.asp files of databases are fully readable
how can i prevent anonymous users like aspnet and IUSR from browsing files
out of his wwwroot ?