Re: NTFS rights not honored

From: Daniel O'Connell (onyxkirx_at_--NOSPAM--comcast.net)
Date: 12/16/03

    Date: Tue, 16 Dec 2003 10:15:48 -0600
    
    

    "Pål Andreassen" <see@signature.for.email> wrote in message
    news:Xns94536C41ADAB7cnnynaqernffragevzna@207.46.248.16...
    > Running Windows 2003 Server
    > Framework 1.1
    >
    > A site is configured to use integrated security (in IIS 6)
    > Windows authentication and user impersonation in web.config
    > <identity impersonate="true" />
    > <authentication mode="Windows" />
    >
    > I've got an ASPX page that lists folders and files from a predefined
    > location on the server. These folders and files have access rights set to
    > them by NTFS security. The problem is that everyone can see every file
    > and folder, even though NTFS does not permit them.
    >
    > How can I expose a file structure for browsing through ASP.NET and
    > still honouring NTFS file rights?
    >
    As I recall, NTFS makes no effort to hide files you have no access to from
    you; it simply will not let you access them. You need go no further than
    your own C (or whatever drive has Windows anyway) drive to find that. In
    c:\documents and settings\ you can see other users' folders, and you can see
    the c:\system volume information folder (assuming you have hidden files
    showing).
    It is an annoyance but a feature that's still missing in ntfs5 and win2k\xp.
    There is a level of hope that it will be added in Longhorn. I assume that is
    what you mean, or can they open files as well?

    However, you could probably modify your aspx page to filter based on
    permissions; you will simply need to get ahold of the user token and do file
    security checks. I am sure it's possible but I don't know how. I will do some
    research shortly and see what I can come up with.

    If all users can open all files, then there is a deeper security problem at
    hand, in which case I would recommend posting to the security newsgroups for
    help.
    > --
    > Pål Andreassen
    > cnny.naqernffra@gevznarg.ab
    > (ROT13 to reply)
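
One way to do the per-user filtering suggested in the reply above, as an added example that is not part of the original thread: probe each entry while impersonation is active and list only what the caller's token can actually read. The names `AccessFilteredListing`, `ListReadable` and `CanRead` are hypothetical, and the code assumes .NET Framework 2.0 or later and that it is called from the impersonating request thread.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security;

// Added example (hypothetical helper, not from the thread).
// Every probe below runs under whatever identity the calling thread has,
// so with <identity impersonate="true" /> that is the browsing user.
public static class AccessFilteredListing
{
    // Returns only the entries directly under root that the current
    // identity can read; entries that fail the probe are left out.
    public static List<string> ListReadable(string root)
    {
        List<string> visible = new List<string>();
        foreach (string path in Directory.GetFileSystemEntries(root))
        {
            if (CanRead(path))
                visible.Add(path);
        }
        return visible;
    }

    // Fail closed: any error while probing means the entry is not shown.
    private static bool CanRead(string path)
    {
        try
        {
            if (Directory.Exists(path))
            {
                // Enumerating a folder needs "List folder contents" on it.
                Directory.GetFileSystemEntries(path);
            }
            else
            {
                // Read-only open that does not block other readers or writers.
                FileShare share = FileShare.ReadWrite | FileShare.Delete;
                using (File.Open(path, FileMode.Open, FileAccess.Read, share)) { }
            }
            return true;
        }
        catch (UnauthorizedAccessException) { return false; } // NTFS ACL denies
        catch (SecurityException) { return false; }           // trust level denies
        catch (IOException) { return false; }                 // locked or vanished
    }
}
```

Because a locked file is treated the same as a denied one, this listing can hide a file the user is allowed to read; the NTFS ACL still makes the final decision when the file is opened.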

