IIS Server Security - Can create a file in a read-only directory

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > January 2006 > Can create a file in a read-only directory





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Can create a file in a read-only directory
Birger Niss

2006-01-17, 8:03 am

Hi,

I have an ASP.NET 2 application configured to use impersonation. The
application is running in IIS on an XP test machine.
With this application I am able to create a temporary file using:

new FileStream(TemporaryFileName, FileMode.Create))

in a directory to which the logged-in (and impersonated) user has only read
access. Immediately afterwards the application attempts to delete the file,
but it fails with access denied.
Inspecting the created file in explorer shows that the owner is indeed the
impersonated user.

Running the same application on Windows 2000 and 2003 servers does not show
this misbehavior.

Any suggestions will be appreciated!

Best regards
Birger Niss


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com