Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Limit ASP access to files from other sites.

Posted on 2004-04-07
2
Medium Priority
?
173 Views
Last Modified: 2013-12-04
I have a security problem on the server I am setting up.

I have a number of different sites running in IIS 5.0 placed in different directories:

e:\home\aaa
e:\home\bbb

etc.

The problem is that the asp files running in site aaa (f:\home\aaa) can access the files and databases in f:\files\bbb using af fileSystemObject.


How can this be avoided?

A explanation of the security issues involved will be greatly appreciated.
0
Comment
Question by:lasseStaff
  • 2
2 Comments
 
LVL 12

Accepted Solution

by:
trywaredk earned 900 total points
ID: 10773693
If you have a number of users with websites on your server, they can, in the default configuration, read each other's files with FileSystemObject. What if you want to prevent this happening? Here's how
http://rtfm.atrax.co.uk/infinitemonkeys/articles/iis/986.asp

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10775792
:o) Glad I could help you - thank you for the points
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question