NT IIS Parent Path Question

Results 1 to 2 of 2

Thread: NT IIS Parent Path Question

  1. #1
    Join Date
    Dec 1969

    Default NT IIS Parent Path Question

    Hello!<BR><BR>I have heard some things that &#039Parent Path&#039 (enabled by default) is a security hazard when running ASP. Is there any information I should have?? Any articles on this would be great.<BR><BR>Thanks a lot!<BR><BR>Chris

  2. #2
    Join Date
    Dec 1969

    Default RE: NT IIS Parent Path Question

    The problem is that a web server is suppose to only expose those files that are in the web directory to the Internet world. With Parent paths included, you allow your ASP pages to access contents outside of the web directory.<BR><BR>This is not a problem if you are the only one uisng the web server, but imagine that you are a web host, and have many folks on your web server and that you have the parent paths feature enabled. One person on the web server could display the contents of a file not in the web directory using a #include. (For example, if the web directory was C:InetPubWwwroot, the user could do &#060;!--#include file="../../autoexec.bat"--&#062; to display the contents of autoexec.bat

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts