Link to home
Start Free TrialLog in
Avatar of renis
renis

asked on

Hosting with IIS

Hello everybody!

I'm trying to setup a windows 2000 server, IIS 5, for hosting. The problem is: How can i secure my customers pages. With a simple ASP script, using FileSystemObject, any customer can read what ever he want in the HDD. So he can read also ASP source of other customers.
For the other part of HDD i'm thinking to remove everyone access at NTFS and put only Administrators and SYSTEM. But what to do with users folder. They of course need INETUSR read. So they can read each other script sources.
Exist any solution for this?

Thank You!
Avatar of AndresM
AndresM

If you don't need the FileSystemObject, you can disable it. The following command will disable File System Object:
regsvr32 scrrun.dll /u
From "Secure Internet Information Services 5 Checklist"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/iis5chk.asp

Avatar of renis

ASKER

But my customers need that.
Now i'm thinking another solution. Please tell me if this is right or not.

1. Open a windows user for every customer.
2. Create folder for the user and give NTFS access for administrators, System and user account.
3. Create WebSite at IIS.
3. Open IIS properties for website just created and change IIS User from INETUSR to useraccount.

Maybe this can be a solution. In this mode every user will have access only at his folder.

But i'm not sure this will work or not... any opinion?
ASKER CERTIFIED SOLUTION
Avatar of AndresM
AndresM

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of renis

ASKER

Thank you. I was searching for an article like this in internet, but was unable to find.
I had the same idea, but i was really unsure for that. Now i'm clear.

Thank you Andres