Filesystemobject and NT security

Results 1 to 2 of 2

Thread: Filesystemobject and NT security

  1. #1
    Join Date
    Dec 1969

    Default Filesystemobject and NT security

    When a customer processes an order a text file needs to be created. In order for this to work, the IUSR_ account needs to be given write permissions to a directory.<BR>The user cannot control the creation or writing of this file as it is all done within the ASP, but is this directory easily open to attack...???

  2. #2
    Olav Guest

    Default RE: Filesystemobject and NT security

    Hi David,<BR><BR>Just a few days before yourself I asked pretty much the same question on this forum and haven&#039t received an answer yet.<BR>Giving everyone write-access to the directory is not an option for me either because of security reasons.<BR><BR>The only solutions I can come up with are:<BR><BR>1. Use NT-accounts<BR>2. Use a database to store processed orders, put the databse outside of the webroot and password-protect it.<BR>3. Use a 3rd party component like SA-FileManager from It enables you to temporarely let the anonymous user use an existing NT-account within an ASP-page to perform write actions and automatically swith him/her back to the standard anonymous account after that.<BR><BR>Most hosting-providers will probably not allow you to have a NT-account or to register components, but it&#039s worth asking them.<BR>Mine will only allow the 2nd option.<BR><BR>I&#039m having a look right now at placing my own NT webserver at my hosting-providers building and using the SA-FileManager component. Bt first I will test the component for a while on the machines in my own office.<BR><BR>If you like me to mail you my experiences with it, let me know ...<BR><BR>Hopes this helps,<BR><BR>Greetings,<BR>Olav<BR>(The Netherlands)<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts