Solved

Security regarding IUSR_ASP & IWAM_ASP on IIS 6.0

Posted on 2007-12-06
3
667 Views
Last Modified: 2008-03-06
Friends,
             Will there be any security risk for my system after i allow FULL ACCESS to IUSR_ASP & IWAM_ASP IIS accounts on websites that i host from Windows 2003 Enterprise Edition ? If yes, then what do i need to take into consideration ? waiting for your reply. Thank you


Beginner
http://healthtreatments.blogspot.com
0
Comment
Question by:umnict
3 Comments
 
LVL 11

Accepted Solution

by:
saleek earned 125 total points
ID: 20418313
Hi there,

Firstly, Why would you want to give the entire website full access?
Do you mean the root folder or a subfolder?
Assigning full access to this account for specific subfolders is not a problem and you are safe to do so providing they are a logical layer of your app and do not contain executable scripts etc.

For example, giving full permission to the account on a subfolder where images/pdfs are created and stored is perfectly safe.

Giving full permission to the account on subfolders/root folders where there are scripts etc is not recommended as far as I am aware.

Saying this, the general consensus would be that there is no security risk unless some hostile
person can somehow take control of your ASP.Net app.

The following link can give you some details on what permissions the aspnet account has by default: http://support.microsoft.com/kb/317012

Hope that helps.

regards,

KS


0
 
LVL 1

Expert Comment

by:Vee_Mod
ID: 20491688
No Response to Expert.
Force closed.
Vee_Mod
Community Support Moderator
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now