Re: NTFS rights not honored
From: Pål Andreassen (see_at_signature.for.email)
Date: 12/16/03
- Next message: Andrew: "Permission Attribute"
- Previous message: seanerk: "Problem downloading .xls from MS 2003 web server"
- In reply to: Daniel O'Connell: "Re: NTFS rights not honored"
- Next in thread: Daniel O'Connell: "Re: NTFS rights not honored"
- Reply: Daniel O'Connell: "Re: NTFS rights not honored"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Dec 2003 10:17:04 -0800
"Daniel O'Connell" <onyxkirx@--NOSPAM--comcast.net> wrote in
news:uR#md$#wDHA.1744@TK2MSFTNGP12.phx.gbl:
> However, you could probably modify your aspx page to filter based on
> permissions, you will simply need to get ahold of the user token and
> do file security checks. I am surei ts possible but I don't know how.
> I will do some research shortly and see what I can come up with.
>
> If all users can open all files, then there is a deeper security
> problem at hand, in which case I would recommend posting to the
> security newsgroups for help.
Yes, not only are files visible, but also readable to everyone. I've
checked with System.Security that the currect user is logged in. I assume
it would return ASPNET if the request process was running in that user
context.
-- Paal Andreassen cnny.naqernffra@gevznarg.ab (ROT13 to reply)
- Next message: Andrew: "Permission Attribute"
- Previous message: seanerk: "Problem downloading .xls from MS 2003 web server"
- In reply to: Daniel O'Connell: "Re: NTFS rights not honored"
- Next in thread: Daniel O'Connell: "Re: NTFS rights not honored"
- Reply: Daniel O'Connell: "Re: NTFS rights not honored"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
