Re: IIS & Frontpage permissions?

• Previous message: Dave: "IIS & Frontpage permissions?"
• In reply to: Dave: "IIS & Frontpage permissions?"
• Next in thread: anonymous_at_discussions.microsoft.com: "Re: IIS & Frontpage permissions?"
• Reply: anonymous_at_discussions.microsoft.com: "Re: IIS & Frontpage permissions?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 7 Sep 2004 18:01:28 +0200

Hi Dave,

If I understand this correctly, you could use FTP to upload the image. FTP
upload is "scriptable". E.g.

************
ftp
open 10.10.10.10
username
password
binary
cd directory
put "file.jpg"
bye
************

open 10.10.10.10 tells the script to open FTP connection on 10.10.10.10
"username" is username used to logon to this FTP
"password" is password for "username" used to logon to this FTP
binary sets binary transfer mode (instead if ASCII)
cd directory changes folder to "directory"
put "file.jpg" upload file.jpg to FTP server
bye will end connection with FTP server.

Most important thing about this script is that it is stored in secured
folder where only authorized users have access to. Password in batch file is
in clear text and anyone with access could read it...

I hope this helps,

Mike

"Dave" <anonymous@discussions.microsoft.com> wrote in message
news:761401c494f0$83b95680$a601280a@phx.gbl...
> Hi I am having a problem with my host at the moment and
> wondered if anyone could help.
>
> I am trying to use a script that uploads an image to a
> directory. I need to allow the directory to allow write
> permissions. I have done this fine with my last host but
> having major probs with this one. I attach an email with
> details of the discussion, and if someone can tell me if
> it is rubbish or not it would be greatly appreciated!
>
>
> START OF MESSAGE
>
> Sys Admin:
> We could give the anonymous user higher level of access by
> default - this would however pose a security risk to his
> site. There are a lot of exploits out there which will
> sweep for anonymous upload access - I doubt it would be to
> longer before the site got defaced.
>
> Sales:
> How has this worked for him before, what is it that other
> hosts are doing that we aren't?
>
> Sys Admin:
> The other hosts don't have a security policy as tight as
> ours.
>
> You can just make the whole server anonymous, and nobody
> would have to remember their password but would it make
> it "better"???
>
> Sales:
> Ok right, so I understand it as well, the whole point we
> do it this way is because of security concerns?
>
> Sys Admin:
> Basically our Windows 2003 system is extremely tight Each
> site has individual IUSR's, everything anonymous is
> switched (uploading via HTTP & FTP). IUSR's have limited
> access to the servers, everything but supported file
> extensions and technologies are switched off.
>
> Sales:
> But the customer has other sites with us with the config
> but he hasn't come across this problem.
>
> Sys Admin:
> We do however (because of the security of the individual
> IUSR's), allow read/write/modify permission across the
> customers "\www\" directory.
> However FrontPage switches the permissions to "read
> only" .... This is the actual NTFS disk permissions.. What
> the customer requires us to do is turn on what would allow
> anonymous uploading as well as uploading from scripts -
> which can be a problem...
>
> Like I mentioned before said, we can change the disk
> permissions which should allow your customer to upload -
> but they will be reset back to "Read" if we run a "server
> health check", which is usually what is done when someone
> reports a FP problem (and FP always need maintenance at
> some point or another)..
>

• Previous message: Dave: "IIS & Frontpage permissions?"
• In reply to: Dave: "IIS & Frontpage permissions?"
• Next in thread: anonymous_at_discussions.microsoft.com: "Re: IIS & Frontpage permissions?"
• Reply: anonymous_at_discussions.microsoft.com: "Re: IIS & Frontpage permissions?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]