Re: Secure an upload page

From: Joe (anonymous_at_discussions.microsoft.com)
Date: 04/25/04 

Date: Sun, 25 Apr 2004 07:05:12 -0700

Karl thanks for your reply,

The most secure way to do downloads might be to use NTFS
file permissions,
local Windows accounts, HTTPS and use WebDAV for the file
transfer. That
might be a little too complex depending on your needs:

I use VPN for downloads or link to them in a generic
webpage and I only give this out under cartain file
permissions-conditions. However you still cannot get to
anything I dont want you to via VPN. But if you have FP
and know the name of my site and the password to upload
the files you can also open up FP and enter the entire web!
Pretty scary.
So I dont know how to secure this page. If the upload page
is in a web it wont matter where the desination folder is
because the other side of this is the hole.
I am using https
https://animocracy.com/mysite/File_Upload.htm
Thanks
Joe
>-----Original Message-----
>Note that any authentication you do can probably be
sniffed unless you use
>an SSL certificate and check the boxes to require HTTPS
for any pages where
>you have changed permissions. This may not be a big
issue for you if you
>only do uploads on your local network and/or the web
server is not all that
>critical for you.
>
>The most secure way to do downloads might be to use NTFS
file permissions,
>local Windows accounts, HTTPS and use WebDAV for the file
transfer. That
>might be a little too complex depending on your needs:
>
>www.iisfaq.com/ssl
>www.webdav.org
>
>Or, you could use SSH / SCP / PuTTY, which is probably
easier, especially if
>you know or can contact everyone who will be posting:
>
>www.openssh.org/windows.html
>www.networksimplicity.com
>
>
>"Joe" <anonymous@discussions.microsoft.com> wrote in
message
>news:3c4f01c42a81$a6099490$a601280a@phx.gbl...
>> Hello,
>>
>> Need some advice (please) on how to secure an upload
page
>> on my web?
>> As I can see it the page asks for a password as it is
>> which is my admin. account and password.But I want this
to
>> be available to others and I cannot of course give out
my
>> password.
>> I have however added a user in the FP extensions but I
>> feel this is a big a hole in my shell of armor here. How
>> can I enable th extensions to allow the upload without
>> someone else with FP getting into my web. The browser
is ok
>> Maybe in simpler terms >>How to secure the page and
allow
>> only the upload to say a generic user.
>> Thanks
>> Joe
>>
>>
>
>
>.
>

Relevant Pages

  • Re: Secure an upload page
    ... FPSE believes you have granted that account author, adv author, ... where the upload will be stored. ... > The most secure way to do downloads might be to use NTFS ... HTTPS and use WebDAV for the file ...
    (microsoft.public.inetserver.iis.security)
  • Re: Is this REALLY a secure site?
    ... >> How can anyone really know if an SSL or HTTPS connection is truly ... Even if it is theoretically secure ... major credit card company wound up making the authorization against my ... > site uses a numerical IP address: those are always bogus. ...
    (microsoft.public.windowsxp.general)
  • Re: At What Point Does the Security Begin?
    ... All secure forms examine this variable, and if empty redirect to the ... all pages behind the login are posted through SSL. ... in which I understand .NET uses a cookie behind ... not secure (it's called at http, not https) but posts to a page ...
    (microsoft.public.dotnet.security)
  • Re: Ethernet cable question.
    ... I have developed Web HTTPS site ... solutions on the server and on the client end. ... *CAN* be secure. ...
    (microsoft.public.windows.vista.general)
  • Re: Setting up HTTPS w/subdomain on Apache2
    ... Secure data transfer ... The docs recommended using SSL, ... I'm mistaken, HTTP w/SSL = HTTPS. ... Authentication would be basic or digest (Personally I'm using basic ...
    (Ubuntu)
Loading