ftp security question
From: bbxrider (bxtrap01_at_comcast.net)
Date: 01/14/04
- Next message: Amir M.: "Disabling IIS"
- Previous message: Paul Lynch: "Re: SSL cert problem"
- Next in thread: Andrew Davis [MS]: "RE: ftp security question"
- Reply: Andrew Davis [MS]: "RE: ftp security question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Jan 2004 12:53:59 -0800
win2k adv serv/ iis5.0
this my first web site, this is my thinking for security for an application
that needs to write, copy, and delete flat files over the internet
the 1 and only basic internet user acct has privileges to write new flat
files to one directory, directly beneath the std inetpub directory, thru
perl programs obtaining data from html forms, a unique flat file will be
created for each page/form that is processed
the 1 and only ftp user will have acct privileges to the above directory to
read, and delete files and also copy files to a directory directly below,
thereby making backup
copies of the files it obtains, there will be copies on the receiving end
also but basically i want to make a copy on server before copied file is
deleted from its original directory, the ftp acct is password protected and
the ftp server will only accept requests from designated urls
my question: is this a safe configuration?
my understanding is the internet acct that writes files is safe.
but not sure about the ftp acct? could it be spoofed somehow where the
username/pswd and url is found out by examining the relevant packets and
therefore able to be used to write and execute some malicious program,
because copy and delete privileges always have execute as well
- Next message: Amir M.: "Disabling IIS"
- Previous message: Paul Lynch: "Re: SSL cert problem"
- Next in thread: Andrew Davis [MS]: "RE: ftp security question"
- Reply: Andrew Davis [MS]: "RE: ftp security question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
