Re: IIS Security Question

• Previous message: Gary: "New SSL Certificate is invalid after uninstalling Certificate Server"
• In reply to: Sid: "IIS Security Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 7 Oct 2004 14:39:35 -0700

You might want to consider putting the file systemobject in COM+, and
running under a different user , who only has write access to that folder,
this delegates the writing from the IUSR, and has advantages.

"Sid" <sidskiba@telus.net> wrote in message
news:320b01c4aa8a$13194b10$a301280a@phx.gbl...
> I have sort of a general question about file uploading.
> IIS 5.1
>
> I have a web site at c:\inetpub\wwwroot\
>
> I also have a directory at c:\images\ (not in the wwwroot
> nor a virtual folder)
>
> I have read/write/modify on c:\images\ for IUSR account.
>
> Only Read/Execute on wwwroot
>
> I am looking to use a script to allow image uploads on a
> password secure ASP page to the images directory.
>
> I have a question about general security of this though
> and am not bright enough to test this. Can someone who
> knows there is a directory c:\images\ use an HTTP command
> or some other method to put files into that directory
> without even having access to the upload script? Like a
> PUT or PUSH of some sort?
>
> Or is the directory safe as it is out of the wwwroot and
> is not a virtual directory?

• Previous message: Gary: "New SSL Certificate is invalid after uninstalling Certificate Server"
• In reply to: Sid: "IIS Security Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]