[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Where to place uploaded files?

Posted on 2005-05-10
2
Medium Priority
?
199 Views
Last Modified: 2013-12-04
Can anyone offer a secure solution to the following problem:

I have an ASP.NET application that uploads files via the browser from the user's machine and copies
them to a secure location accessible by the web server.  I then have a
VB executable that should process these files into the database.  Now my system
has a 3 tiered architecture with web server running ASP.NET application, application
server running web services and Enterprise Services and finally a database server
accesed only via Enterprise Services.  Each of the tiers is separated by a firewall.

Now my problem is where to locate my uploaded files and VB executable such that I do
not create a security loop hole whereby the executable can process files uploaded to
the web server or a location acessible by the web server straight into the database
bypassing the aplication server and all firewalls.  

My logic tells me the executable should be on the application server but then how to get
the uploaded files to the application from web server for processing when only port 443 open?  

I thought about creating a shared directory on a separate machine visible
from both web and application servers and protected by an ACL restricting
access to just the Windows account the ASP.NET application is
running under and the Windows account the execxutable is running
under as a scheduled task but thought this might be a security
risk effectievly opening up a means of accessing
both servers from one location and no firewall.

If anyone has any ideas about this I would really appreciate it.

Many thanks
Sam
0
Comment
Question by:Samm1502
2 Comments
 
LVL 16

Accepted Solution

by:
hankknight earned 1500 total points
ID: 13970748
In my opinion, the best place for your binary files would be a database.  
They could easy be saved, stored and retrieved, and they could not be exicuted.

Here are two links of interest:

          http://www.aspupload.com/manual_db.html
          http://www.codeproject.com/aspnet/upsanddowns.asp


0
 

Author Comment

by:Samm1502
ID: 13975713
That's a promising solution thanks

Sam
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question