?
Solved

Should I install FTP on IIS 6.0?

Posted on 2005-04-02
7
Medium Priority
?
606 Views
Last Modified: 2007-12-19
Hello,

I have a Windows 2003 IIS 6.0 Web server.  I am thinking of allowing customers to be able to FTP into their own Web site and transfer files.  

What kind of security threats are involved?  
Are their safer alternatives to FTP that would allow a customer to update Web files?  
What are some common support issues that are dealt with?

Thanks in advance.
0
Comment
Question by:rudyflyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 1000 total points
ID: 13689642
ftp is a common access technique.

best practice is to make sure that each user logs in under their own credentials, and use those same credentials as the IIS anonymous user for their web site and content.  be explicit with permissions for that user to only have write access to their own web folders, and no rights to other user data.

this will effectively sandbox all web sites.

Cheers.
0
 
LVL 37

Expert Comment

by:meverest
ID: 13689692
also, here is a previous discussion on a similar subject:

http://www.experts-exchange.com/Web/Web_Servers/IIS/Q_21225078.html?query=ftp+user+meverest&clearTAFilter=true

and with win2k3, you can set the ftp service to automtaocally isolate users to the subdirectory which is useful additional security.

Cheers.
0
 
LVL 1

Expert Comment

by:maZe84
ID: 13691967
hmm

i hate FTP

i think SFTP is a better way, and it is "secure"
with FTP its easy to sniff in a wireless network, or behind a switch with rooter Spoofing.
The password is sent in cleartext.

in SFTP it is secured with TLS/ SSL

mfg maZe
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Expert Comment

by:madhubk
ID: 13714468
Do include a virus check soon after the upload. If a virus is found may be you can quarantine the file and send the user an email regarding the virus.

Madhu
0
 
LVL 37

Expert Comment

by:meverest
ID: 13714580
>> i think SFTP is a better way, and it is "secure"

that may be true, but IIS does not support sftp at version 6.  IIS7 maybe, but we will not know until it is released.

Cheers.
0
 
LVL 2

Expert Comment

by:WebSpecials
ID: 13717316
yes.. but why do you need the service run on IIS?

mfg WebSpecials
0
 
LVL 37

Expert Comment

by:meverest
ID: 13722711
>> yes.. but why do you need the service run on IIS?

umm, because this topic area is "Web Servers - IIS"?  and therefore i think that it is safe to assume that we are dealing with an IIS question here.

Cheers.
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month14 days, 22 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question