Solved

Limit ASP access to files from other sites.

Posted on 2004-04-07
2
165 Views
Last Modified: 2013-12-04
I have a security problem on the server I am setting up.

I have a number of different sites running in IIS 5.0 placed in different directories:

e:\home\aaa
e:\home\bbb

etc.

The problem is that the asp files running in site aaa (f:\home\aaa) can access the files and databases in f:\files\bbb using af fileSystemObject.


How can this be avoided?

A explanation of the security issues involved will be greatly appreciated.
0
Comment
Question by:lasseStaff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 12

Accepted Solution

by:
trywaredk earned 300 total points
ID: 10773693
If you have a number of users with websites on your server, they can, in the default configuration, read each other's files with FileSystemObject. What if you want to prevent this happening? Here's how
http://rtfm.atrax.co.uk/infinitemonkeys/articles/iis/986.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10775792
:o) Glad I could help you - thank you for the points
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question