|
Home > Archive > IIS Server > September 2005 > What permissons should be used?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
What permissons should be used?
|
|
| nitingulati@gmail.com 2005-09-27, 2:52 am |
| Server:
1=2E Server Windows 2003.
2=2E IIS6 WEBDAV extension enabled.
Client:
1=2E Windows XP/Windows 2003.
Steps performed:
1=2E Created a directory C:\Webdav with all NTSF permissions for
administrators
2=2E In IIS manager created a website on port 80 called Test. With Read
and Log Access enabled
3=2E Created a virtual directory named WebDav under "Test" with
directory browsing enabled and the Write access enabled.
4=2E In Internet Explorer on the client and enter the URL till the
virtual directory, which is http://server/WebDAV where "server" was
the IP address, it shows me the Webdav directory contents and through
Write access I am able to create folder on my Server.
5=2E Then I tried to open the http://servername shows me the top-level
test Website; and does not list down the Webdav directory contents.
6=2E Then Enable the Directory Access to the Website "test", I was
able to see the entire Content along with the WebDAV Folder.
Question:
=B7 What Security Problem will I face in case I allow the Directory
Browsing onto my Website?
=B7 How can we have authentication before allowing anyone to read my
website as WebDAV?
=B7 Can I restrict the Writing to the Website through NTSF Permission,
even when write access is enabled in the Website?
| |
| Tom Kaminski [MVP] 2005-09-27, 7:58 am |
| Q1: Users can see the structure of your web site.
Q2: Turn off anonymous access and allow either Basic or Windows Integrated
authentication.
Q3: Yes, just set the appropriate NTFS permissions on the content for the
accounts in question.
--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
<nitingulati@gmail.com> wrote in message
news:1127792706.623314.5790@f14g2000cwb.googlegroups.com...
Server:
1. Server Windows 2003.
2. IIS6 WEBDAV extension enabled.
Client:
1. Windows XP/Windows 2003.
Steps performed:
1. Created a directory C:\Webdav with all NTSF permissions for
administrators
2. In IIS manager created a website on port 80 called Test. With Read
and Log Access enabled
3. Created a virtual directory named WebDav under "Test" with
directory browsing enabled and the Write access enabled.
4. In Internet Explorer on the client and enter the URL till the
virtual directory, which is http://server/WebDAV where "server" was
the IP address, it shows me the Webdav directory contents and through
Write access I am able to create folder on my Server.
5. Then I tried to open the http://servername shows me the top-level
test Website; and does not list down the Webdav directory contents.
6. Then Enable the Directory Access to the Website "test", I was
able to see the entire Content along with the WebDAV Folder.
Question:
· What Security Problem will I face in case I allow the Directory
Browsing onto my Website?
· How can we have authentication before allowing anyone to read my
website as WebDAV?
· Can I restrict the Writing to the Website through NTSF Permission,
even when write access is enabled in the Website?
|
|
|
|
|