Re: Secure an upload page

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 04/26/04 

Date: Mon, 26 Apr 2004 07:01:32 -0700

Hi Karl,

Boy, given the high rate of probing with WebDAV verbs
of late, that mention of WebDAV makes me nervous.

It was quite good to finally meet earlier this month. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:OnOAVMsKEHA.1416@TK2MSFTNGP09.phx.gbl...
> Note that any authentication you do can probably be sniffed unless you use
> an SSL certificate and check the boxes to require HTTPS for any pages
where
> you have changed permissions.  This may not be a big issue for you if you
> only do uploads on your local network and/or the web server is not all
that
> critical for you.
>
> The most secure way to do downloads might be to use NTFS file permissions,
> local Windows accounts, HTTPS and use WebDAV for the file transfer.  That
> might be a little too complex depending on your needs:
>
> www.iisfaq.com/ssl
> www.webdav.org
>
> Or, you could use SSH / SCP / PuTTY, which is probably easier, especially
if
> you know or can contact everyone who will be posting:
>
> www.openssh.org/windows.html
> www.networksimplicity.com
>
>
> "Joe" <anonymous@discussions.microsoft.com> wrote in message
> news:3c4f01c42a81$a6099490$a601280a@phx.gbl...
> > Hello,
> >
> > Need some advice (please) on how to secure an upload page
> > on my web?
> > As I can see it the page asks for a password as it is
> > which is my admin. account and password.But I want this to
> > be available to others and I cannot of course give out my
> > password.
> > I have however added a user in the FP extensions but I
> > feel this is a big a hole in my shell of armor here. How
> > can I enable th extensions to allow the upload without
> > someone else with FP getting into my web. The browser is ok
> > Maybe in simpler terms >>How to secure the page and allow
> > only the upload to say a generic user.
> > Thanks
> > Joe
> >
> >
>
>

Relevant Pages

  • Secure an upload page
    ... Need some advice on how to secure an upload page ... I have however added a user in the FP extensions but I ... only the upload to say a generic user. ...
    (microsoft.public.inetserver.iis.security)
  • Re: webserver strangeness.
    ... > I have setup an upload area and enabled WebDAV, ... > that I need to find an easy way to upload a few thousand photos and add ... > create a simple system using webdav so uploads can be done as if the site ... > to be in the root of the web structure. ...
    (RedHat)
  • Re: How to enable HTTP PUT without WebDAV ?
    ... Will try something different to upload files. ... Or use ftp -- unless webdav blocks that aswell. ... > different instances of UrlScan installed as site filters, ... > unless all configurations are identical. ...
    (microsoft.public.inetserver.iis)
  • Re: Grundsatzfrage
    ... das Hochladen erfolgt über das WEB. ... Ich kann also WebDav nicht ... Was verstehst du denn jetzt genau unter "Upload von Dateien"? ...
    (microsoft.public.de.inetserver.iis)
  • Re: Client upload of files via http
    ... >> the login data is ... >> upload files to an FTP server. ... > supports secure transfers. ...
    (Fedora)