security on 2 databases - 1 inside web folder, 1outside - why diff

From: Jonathan (Jonathan_at_discussions.microsoft.com)
Date: 06/02/05 

Date: Thu, 2 Jun 2005 06:12:03 -0700

Still learning a lot about security but this one issue has been driving me
nuts. I have a database on our web server that located in a folder under the
wwwroot directory (ie its part of the website). I have another one that is
located outside of the web direcectory in a seperate folder.

I have a scripts that run that update either database. Now the NTFS
security on the the database located in the web folders requires the IUSR_*
account to have the read, write, execute, etc. access so that the scripts can
update the database correctly.

Yet the NTFS security on the database that is located outside of the web
site doesn't need any of that security and it works fine.

Example: C:\inetput\wwwroot\fpdb\data1.mdb has to have access set for IUSR_*
then C:\databases\data2.mdb doesn't.

data2.mdb only has Admin, System and Users (where users only has NT
authenticated users in it)

Yet if I make the security on data1.mdb an exact mirror of the security on
data2.mdb then none of the ASP scripts will work on data1.mdb.

So my question is why? Why does one need to have the IUSR_* account to be
able to update but the other doesn't? I can make everything identicial (both
the NFTS file and folder permissions and the settings through IIS 6.0) but it
doesn't change.

My only guess is that its because one is inside the website and the other is
not - but wanted to know if this is true and why. Any info would be great -
its nothing ciritcal - I just hate not understanding this behavoir and have
no idea how to even begin searching for an answer to this.

Thanks,
Jonathan Adams

Relevant Pages

  • Re: Access db accessibility (permissions??)
    ... if you have not then your computers are workgrouped, security becomes a bit ... password when you first login to your database. ... > folder and then delete it. ... So the permissions are RWED on that folder. ...
    (microsoft.public.access.security)
  • Macromedia Dreamweaver Remote Database Scripts (#NISR05042004B)
    ... NGSSoftware Insight Security Research Advisory ... Macromedia Dreamweaver Remote Database Scripts ...
    (Bugtraq)
  • [VulnWatch] Macromedia Dreamweaver Remote Database Scripts (#NISR05042004B)
    ... NGSSoftware Insight Security Research Advisory ... Macromedia Dreamweaver Remote Database Scripts ...
    (VulnWatch)
  • Re: database protection
    ... to share that folder with full permissions. ... database is at stake, anybody from any netwark location can damage the ... That should be enough to keep most casual snoops out, but if any of them are Access savvy then you might want to consider applying user level security. ... make BACKUPS of you files first, it's easy to lock yourself out when you're learning ULS. ...
    (microsoft.public.access.security)
  • Re: Design question!, uploading documents to webserver
    ... Storing pdf's in the db doesn't seem to resolve the security issue, since it leaves all access through your web application, and the web application has to handle the security. ... If the app is doing that anyway, you could store the docs in a folder that no user has access to, and let the app provide the docs on request. ... Documents will be in .pdf format. ... Documents will not be stored in database but instead uploaded to a folder on the webserver. ...
    (microsoft.public.dotnet.framework.aspnet)