Re: Disabling FSO in certain websites

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/29/04

    Date: Sat, 28 Feb 2004 23:21:15 -0800
    
    

    It is not possible to declaratively "disable" arbitrary objects on a per
    site basis.

    However, I can think of a hack which may work for you, using filesystem
    ACLs. Basically, you set up the websites that have FileSystemObject
    disabled to always execute with a certain user identity (for completeness, I
    would lock both the Process Identity as well as user identity to this user
    so that people don't hop around it with RevertToSelf()) and then physically
    ACL the file implementing Scripting.FileSystemObject to deny access to that
    user. Doing this does not affect the access of anything else that needs
    FSO -- only the FSO attempts from those specific websites.

    This hack won't work if you cannot control the user identity of your users,
    but I suspect you should have this under control if you are a hoster.

    So, what you would do is:
    1. Create an AppPool with a custom user identity of DeniedFSOUser
    2. Set all websites to use this AppPool if you wish to deny them FSO access
    3. Set anonymous user identity to be DeniedFSOUser for all websites in #2
    4. Set Deny Read/Execute ACL on the file implementing FSO (mine says
    scrrun.dll) for DeniedFSOUser
    5. If these websites have authentication, you may need to add those users as
    well to the Deny Read/Execute ACL (or use a group for this)

    -- 
    //David
    IIS
    This posting is provided "AS IS" with no warranties, and confers no rights.
    //
    "omar koudsi" <omark@jeeran.com> wrote in message
    news:27eadc6c.0402282016.345e1b7c@posting.google.com...
    Win2k3/IIS6
    I would like to disable the file system object for some of the sites
    that I'm hosting on my server for security reasons, so this shouldn't be
    a server wide solution.
    I'd appreciate any pointers,
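
Step 4 of the reply above, as an added PowerShell example that is not part of the original thread: it looks up which file implements Scripting.FileSystemObject, optionally adds the Deny Read/Execute entry, and then verifies the entry is present. The `-Apply` switch and the parameter names are this example's own; DeniedFSOUser is the account name used in the steps, and the script assumes an elevated session that is allowed to change the DLL's ACL.

```powershell
# Added example, not from the original post. Run elevated, as an account that
# may change the DLL's DACL. DeniedFSOUser is the account name from the steps.
param(
    [string]$Account = 'DeniedFSOUser',
    [string]$ProgId  = 'Scripting.FileSystemObject',
    [switch]$Apply    # without -Apply the script only reports the current state
)
$ErrorActionPreference = 'Stop'

# ProgID -> CLSID -> InprocServer32: find the file that implements the object
# instead of assuming scrrun.dll. This reads the native registry view only; a
# 32-bit worker process on 64-bit Windows loads a separate copy of the DLL.
$clsid = (Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\$ProgId\CLSID").GetValue('')
$dll   = (Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32").GetValue('')
if (-not (Test-Path $dll)) { throw "COM server for $ProgId not found: $dll" }

# Resolve the account to a SID once, so the check does not depend on how the
# name is written (USER vs. MACHINE\USER). A group name works as well (step 5).
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
           [System.Security.Principal.SecurityIdentifier])

if ($Apply) {
    # Step 4: explicit Deny Read/Execute for the restricted identity.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $sid, 'ReadAndExecute', 'Deny')
    $acl = Get-Acl -Path $dll
    $acl.AddAccessRule($rule)
    Set-Acl -Path $dll -AclObject $acl
}

# Verify: the ACL must contain a Deny ACE for this SID that covers every bit
# of ReadAndExecute. Rules are requested with SID identities for comparison.
$rx   = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$deny = @((Get-Acl -Path $dll).GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier]) | Where-Object {
    $_.AccessControlType -eq 'Deny' -and
    $_.IdentityReference.Value -eq $sid.Value -and
    ([int]$_.FileSystemRights -band $rx) -eq $rx
})
if ($deny.Count -gt 0) { "OK: $Account is denied Read/Execute on $dll" }
else                   { "MISSING: no Deny Read/Execute ACE for $Account on $dll" }
```

Running it without `-Apply` after OS patches or service packs is a quick way to confirm the Deny entry is still present on the file.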
    
