FileSystemObject, IIS5 and virtual directories Que

Results 1 to 2 of 2

Thread: FileSystemObject, IIS5 and virtual directories Que

  1. #1
    Join Date
    Dec 1969

    Default FileSystemObject, IIS5 and virtual directories Que

    - I am running Win2000 and IIS5<BR><BR>- I have a virtual directory called recds that points to e:
    ecordings<BR><BR>- The permissions on e:
    ecordings are [ Everyone ] - [ Full Control ] (this is the default for any newly created folder, correct?)<BR><BR>- I have only "read" checked on the virtual directory (no script or dir browsing)<BR><BR>- I link to the files in the recds directory like so http://myhost/recds/file.xt<BR><BR>- I am using FileSystemObject to check that the file.txt exists before I link to it (if the file does not exist don&#039;t show an href for it)<BR><BR>QUESTION: Does linking to files in this way pose a security threat? Does the use of FileSystemObject to check that they exist pose a security threat? From what I can tell you have to manually disable FileSystemObject through the registry which means most web servers on IIS probably have it enabled. Doesn&#039;t this cause a huge security hole? All the directories on the IIS install (inetpub, wwwroot, etc) are set for everyone and full control by default. Again, doesn&#039;t this cause huge security problems.<BR><BR>Thanks for your help!<BR><BR>Jeff Phillips<BR><BR>VoiceLogger, Inc.

  2. #2
    Join Date
    Dec 1969

    Default should...

    ...remove the Everyone user entirely from the NTFS permissions. then set the IUSR_??? for anonymous internet access to read only.<BR>No, the default permissions are inherited from the parent folder by default. So, the Everyone user probably has full control over most of the folders on your server.<BR><BR>Only admin level users should have full control over just about any folder on the server.<BR><BR>As for the file system object, I don&#039;t have the slightest idea how this fits into the conversation.<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts