Where to place uploaded files?

Can anyone offer a secure solution to the following problem:

I have an ASP.NET application that uploads files via the browser from the user's machine and copies
them to a secure location accessible by the web server.  I then have a
VB executable that should process these files into the database.  Now my system
has a 3 tiered architecture with web server running ASP.NET application, application
server running web services and Enterprise Services and finally a database server
accesed only via Enterprise Services.  Each of the tiers is separated by a firewall.

Now my problem is where to locate my uploaded files and VB executable such that I do
not create a security loop hole whereby the executable can process files uploaded to
the web server or a location acessible by the web server straight into the database
bypassing the aplication server and all firewalls.  

My logic tells me the executable should be on the application server but then how to get
the uploaded files to the application from web server for processing when only port 443 open?  

I thought about creating a shared directory on a separate machine visible
from both web and application servers and protected by an ACL restricting
access to just the Windows account the ASP.NET application is
running under and the Windows account the execxutable is running
under as a scheduled task but thought this might be a security
risk effectievly opening up a means of accessing
both servers from one location and no firewall.

If anyone has any ideas about this I would really appreciate it.

Many thanks
Who is Participating?
In my opinion, the best place for your binary files would be a database.  
They could easy be saved, stored and retrieved, and they could not be exicuted.

Here are two links of interest:


Samm1502Author Commented:
That's a promising solution thanks

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.