Network Gurus Disparage iUser

Results 1 to 2 of 2

Thread: Network Gurus Disparage iUser

  1. #1
    Join Date
    Dec 1969

    Default Network Gurus Disparage iUser

    I have a webserver with web sites on one drive and the OS on another drive (same machine). iUser is on only the websites & minimal users on the os drive. ie admin system only whats needed to run the OS.<BR><BR>Our network guys dont want to hook the webserver from the DMZ to an internal(DB) machine because there is a hidden directory where I let iUser & iWam read,write & delete files.<BR><BR>Question is how do you write a txt file to the webserver Without giving iUser write permissions. Its one folder that does not have inherent permissions & I immediately delete the file after writing to the db. Are these guys being a bunch of jug heads or am I missing something?<BR><BR>Why is everyone in crisis about giving iUser write permissions these days and what is the work around from a security stand point?<BR><BR>I have been asked to write the file to Memory instead of the HD as a work around... Which would require rewriting the COM OBJ. <BR><BR>It would seem to me writing to Memory is more of a hole than putting it on the HD & picking it up. At least the realtime antivirus will see it on the HD.<BR><BR>Any feedback links MS info would have me forever in your debt.<BR><BR>Thanks

  2. #2
    Join Date
    Dec 1969

    Default Seems to me...

    ...that if you only give read and write permissions (and not execute) on that dir, how can anything happen? For that matter, deny execute permissions to *everybody* on that dir and then what can happen?<BR><BR>Yeah, they are being anal retentive. The only way you would have *real* vulnerability would be if you allowed upload of files into that directory. Hell, there are major web HOSTING companies out there that routinely give each and every one of the thousands of sites on each machine an individual writable directory. And for that matter, the host we are currently using even allows each site owner to control which directories are writable by the web server. Add directories? Sure. Make them writable? Why not? And this host probably has 200 to 500 web sites on that one computer.<BR><BR>Ask them how often they get hit with a virus? HINT: Our site hasn&#039;t been down, so far as I can tell, for anything other than routine maintenance in over 6 months.<BR><BR>It&#039;s all a matter of system admins not *really* understanding the problem space, I would bet.<BR><BR><BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts