Re: EFS and IIS
From: BB (Bernard_at_3exp.com)
Date: 12/25/02
- Next message: BB: "Re: Generating keys in IIS"
- Previous message: Agustin Chernitsky: "IUSR trying to run cmd.exe... who is it?"
- In reply to: Karl Levinson [x y] mvp: "Re: EFS and IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "BB" <Bernard_at_3exp.com> Date: Wed, 25 Dec 2002 11:27:35 +0800
And for your source code, use ASP for presentation
and COM+ for business logic.
Or, as another option, use the compiled DLL format in the .NET Framework.
Rgds.
"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:OSW35T3qCHA.428@TK2MSFTNGP09...
> NTFS permissions should be as secure as EFS for this purpose, I would think
> [unless the server was physically stolen].
>
> Neither NTFS nor EFS necessarily protect against remote attacks such as IIS
> buffer overflows where the attacker is able to gain System-equivalent
> permissions, if System is required to have permissions to those files.
>
> Also be sure to take the usual precautions, such as deleting sample files such
> as showcode.asp, saving your include files as .ASP instead of .INC, etc. etc.
> The typical stuff as mentioned at:
>
> http://securityadmin.info/faq.htm#harden and
> http://securityadmin.info
>
>
> "Jeremy Byrski" <Jeremy.Byrski@NOSPAM.vico-solutions.com> wrote in message
> news:uo$FG51qCHA.572@TK2MSFTNGP12...
> > Thanks Karl,
> >
> > The reason why we want to encrypt the files (they are actually ASP files) is
> > that we are co-locating in a hosting environment, which is new to us.
> >
> > We want to try and protect the source code (ASP files) as much as possible
> > from prying eyes.
> >
> > Can you think of any other ways apart from using EFS?
> >
> > Many thanks,
> > Jeremy
> >
> >
> > "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> > news:#xTrlr1qCHA.2296@TK2MSFTNGP09...
> > > This doesn't sound like such a great idea, since AFAIK this isn't very
> > > commonly done and there's probably not a lot of documentation on this.
> > > Also, IIS may want to impersonate other identities at some future point.
> > > For example, if Application Isolation on those files or folders is set to
> > > medium or high in the MMC, then the IWAM account is probably going to be
> > > used instead of IUSR to run script such as .ASP. You'd probably also have to
> > > change or disable EFS if you wanted to use any other authentication methods
> > > besides Anonymous, such as Basic or Windows Integrated. With just
> > > Anonymous, it's trickier to control who has permissions to see what file,
> > > everyone by default gets the same permissions without extra coding and your
> > > own authentication scheme.
> > >
> > > Last, unless you're using SSL / HTTPS, your files are being decrypted and
> > > sent in plain text across the wire, and even if you are using SSL, the files
> > > are most likely going to be cached on the local hard drive in plain text.
> > > Encrypting the files in one place while there are hundreds of other copies
> > > floating around on various client hard drives is arguably of limited use.
> > >
> > > To try to investigate your problem, you could try enabling auditing on the
> > > files to confirm that the account you think is being used is the one that is
> > > really being used.
> > >
> > > http://securityadmin.info/faq.htm#auditing
> > >
> > >
> > >
> > > "Jeremy Byrski" <Jeremy.Byrski@NOSPAM.vico-solutions.com> wrote in
> message
> > > news:#ALGoi1qCHA.2476@TK2MSFTNGP10...
> > > > Hello,
> > > >
> > > > Has anyone had any experience of encrypting webpages (HTML) using EFS on a
> > > > Windows 2000 Server running IISv5?
> > > >
> > > > I've encrypted a website, as Iusr_X, but as soon as I log out of the
> > > > console, the IIS server takes an absolute age to present any info to a
> > > > browser; as soon as I log in again as Iusr_X, it's back to normal speed.
> > > > (This is on our 100Mbit LAN.)
> > > >
> > > > The Virtual Server is set up in Isolated mode.
> > > >
> > > > Any Ideas?
> > > >
> > > > Thanks,
> > > > Jeremy
> > > >
> > > >
> > >
> > >
> >
> >
>
>