Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Security regarding IUSR_ASP & IWAM_ASP on IIS 6.0

Posted on 2007-12-06
3
668 Views
Last Modified: 2008-03-06
Friends,
             Will there be any security risk for my system after i allow FULL ACCESS to IUSR_ASP & IWAM_ASP IIS accounts on websites that i host from Windows 2003 Enterprise Edition ? If yes, then what do i need to take into consideration ? waiting for your reply. Thank you


Beginner
http://healthtreatments.blogspot.com
0
Comment
Question by:umnict
3 Comments
 
LVL 11

Accepted Solution

by:
saleek earned 125 total points
ID: 20418313
Hi there,

Firstly, Why would you want to give the entire website full access?
Do you mean the root folder or a subfolder?
Assigning full access to this account for specific subfolders is not a problem and you are safe to do so providing they are a logical layer of your app and do not contain executable scripts etc.

For example, giving full permission to the account on a subfolder where images/pdfs are created and stored is perfectly safe.

Giving full permission to the account on subfolders/root folders where there are scripts etc is not recommended as far as I am aware.

Saying this, the general consensus would be that there is no security risk unless some hostile
person can somehow take control of your ASP.Net app.

The following link can give you some details on what permissions the aspnet account has by default: http://support.microsoft.com/kb/317012

Hope that helps.

regards,

KS


0
 
LVL 1

Expert Comment

by:Vee_Mod
ID: 20491688
No Response to Expert.
Force closed.
Vee_Mod
Community Support Moderator
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question