Where to place uploaded files?

Posted on 2005-05-10
Last Modified: 2013-12-04
Can anyone offer a secure solution to the following problem:

I have an ASP.NET application that uploads files via the browser from the user's machine and copies
them to a secure location accessible by the web server.  I then have a
VB executable that should process these files into the database.  Now my system
has a 3 tiered architecture with web server running ASP.NET application, application
server running web services and Enterprise Services and finally a database server
accesed only via Enterprise Services.  Each of the tiers is separated by a firewall.

Now my problem is where to locate my uploaded files and VB executable such that I do
not create a security loop hole whereby the executable can process files uploaded to
the web server or a location acessible by the web server straight into the database
bypassing the aplication server and all firewalls.  

My logic tells me the executable should be on the application server but then how to get
the uploaded files to the application from web server for processing when only port 443 open?  

I thought about creating a shared directory on a separate machine visible
from both web and application servers and protected by an ACL restricting
access to just the Windows account the ASP.NET application is
running under and the Windows account the execxutable is running
under as a scheduled task but thought this might be a security
risk effectievly opening up a means of accessing
both servers from one location and no firewall.

If anyone has any ideas about this I would really appreciate it.

Many thanks
Question by:Samm1502
    LVL 16

    Accepted Solution

    In my opinion, the best place for your binary files would be a database.  
    They could easy be saved, stored and retrieved, and they could not be exicuted.

    Here are two links of interest:



    Author Comment

    That's a promising solution thanks


    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
    Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now