Limit ASP access to files from other sites.

I have a security problem on the server I am setting up.

I have a number of different sites running in IIS 5.0 placed in different directories:

e:\home\aaa
e:\home\bbb

etc.

The problem is that the asp files running in site aaa (f:\home\aaa) can access the files and databases in f:\files\bbb using af fileSystemObject.


How can this be avoided?

A explanation of the security issues involved will be greatly appreciated.
lasseStaffAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
trywaredkConnect With a Mentor Commented:
If you have a number of users with websites on your server, they can, in the default configuration, read each other's files with FileSystemObject. What if you want to prevent this happening? Here's how
http://rtfm.atrax.co.uk/infinitemonkeys/articles/iis/986.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
trywaredkCommented:
:o) Glad I could help you - thank you for the points
0
All Courses

From novice to tech pro — start learning today.