Re: IIS folder structure and security.

From: Jason Brown [MSFT] (i-brjaso_at_online.microsoft.com)
Date: 04/16/05

• Next message: edroszcz_at_gmail.com: "Re: IIS folder structure and security."
• Previous message: edroszcz_at_gmail.com: "IIS folder structure and security."
• In reply to: edroszcz_at_gmail.com: "IIS folder structure and security."
• Next in thread: edroszcz_at_gmail.com: "Re: IIS folder structure and security."
• Reply: edroszcz_at_gmail.com: "Re: IIS folder structure and security."
• Reply: Savas: "Re: IIS folder structure and security."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 16 Apr 2005 15:09:22 +1000

Yes, it's possible, with a lax NTFS security scheme, for a user of site1 to
access files in other sites with, say, FileSystemObject. This could lead to
some shenanigans.

The way I'd deal with this would be to add a unique user account for each
separate user, and a group which you can add the users to for blanket
permissions. then make sure only the appropriate user account has rights on
their set of folders. If they then tried to cross the boundary into another
site, they'd immediately be denied.

It sounds hard to set up at first, but once you get going with it it's
really not too hard.

-- 
Jason Brown
Microsoft GTSC, IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
<edroszcz@gmail.com> wrote in message 
news:1113603977.291868.73260@g14g2000cwa.googlegroups.com...
Hi,
Been browsing for some information about how I should organize our
Windows 2003 servers running IIS6. Whith organize I mean which folder
structure we should use and to to make it secure.
The structure I have atm looks like this:
D:\Websites
...
D:\Websites\domain1.com
D:\Websites\domain1.com\www
D:\Websites\domain1.com\db
...
D:\Websites\domain2.com
D:\Websites\domain2.com\www
D:\Websites\domain2.com\db
and so on for each domain on the server.
In the IIS each site have it's root to the 'www' folder. I.e the site
for the domain domain1.com points to the folder
D:\Websites\domain1.com\www.
The server is a shared webhosting server with all kinds of customers
with different domains. I dont use the IIS FTP so I dont have to worry
that users can change/delete files from other users directories that
way.
But what I wonder is, can the user with domain1.com execute a script
that he put in D:\Websites\domain1.com\www that in some way could
access the files in D:\Websites\domain2.com\www?
If so, which would be the best way to fix this? Do I have to create
Windows accounts and set NTFS permissions on each customers folder?
Any idéas, comments or thoughts on this would be appreciated.
Best regards
Erik Droszcz

---

• Next message: edroszcz_at_gmail.com: "Re: IIS folder structure and security."
• Previous message: edroszcz_at_gmail.com: "IIS folder structure and security."
• In reply to: edroszcz_at_gmail.com: "IIS folder structure and security."
• Next in thread: edroszcz_at_gmail.com: "Re: IIS folder structure and security."
• Reply: edroszcz_at_gmail.com: "Re: IIS folder structure and security."
• Reply: Savas: "Re: IIS folder structure and security."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)