|
Home > Archive > IIS Server Security > February 2006 > file system object
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
file system object
|
|
| jasminess 2006-02-22, 6:03 pm |
| hello. i disabled the file system object for my iis 6. but i have a search
code for my site written by asp that uses the fso.
if i enable fso, other users who upload their files by ftp to server read
others files, server's system info, drives etc.
how can stop this. can i enable fso for some spesific users?
| |
| Ken Schaefer 2006-02-22, 8:51 pm |
| You could set NTFS permissions so that only some users can access the
scrrun.dll file
Or you could set NTFS permssions on all the content so that only the
properly authorised users can read it using the FSO
Cheers
Ken
"jasminess" <cunoal@yahoo.com> wrote in message
news:%23vGoM77NGHA.3196@TK2MSFTNGP09.phx.gbl...
: hello. i disabled the file system object for my iis 6. but i have a search
: code for my site written by asp that uses the fso.
: if i enable fso, other users who upload their files by ftp to server
read
: others files, server's system info, drives etc.
: how can stop this. can i enable fso for some spesific users?
:
:
:
| |
| jasminess 2006-02-26, 10:27 am |
| i have a few web site which users upload files by ftp. and everyone has
execute access for asp.
if someone upload such that code and gets my system info how can i stop
this.? i have a search page with asp code .if i disable fso my search page
doesnt work
is tehere a way to accomplish this without disabling the fso.
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:ebckFlBOGHA.140@TK2MSFTNGP12.phx.gbl...
> You could set NTFS permissions so that only some users can access the
> scrrun.dll file
>
> Or you could set NTFS permssions on all the content so that only the
> properly authorised users can read it using the FSO
>
> Cheers
> Ken
>
> "jasminess" <cunoal@yahoo.com> wrote in message
> news:%23vGoM77NGHA.3196@TK2MSFTNGP09.phx.gbl...
> : hello. i disabled the file system object for my iis 6. but i have a
> search
> : code for my site written by asp that uses the fso.
> : if i enable fso, other users who upload their files by ftp to server
> read
> : others files, server's system info, drives etc.
> : how can stop this. can i enable fso for some spesific users?
> :
> :
> :
>
>
| |
| Daniel Crichton 2006-02-26, 10:27 am |
| jasminess wrote on Thu, 23 Feb 2006 16:59:00 +0200:
> i have a few web site which users upload files by ftp. and everyone has
> execute access for asp.
> if someone upload such that code and gets my system info how can i stop
> this.? i have a search page with asp code .if i disable fso my search page
> doesnt work
> is tehere a way to accomplish this without disabling the fso.
Run each site under a different user account. Only allow each account access
to the directories/files for that site.
Dan
|
|
|
|
|