[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 427
  • Last Modified:

permissions error when calling WScript.Shell and ftp.exe

I'm trying to do some FTP transfers within an ASP page. I'm getting an "access is denied" error on this statement:

set WSX=objShell.Exec("ftp.exe -i -s:D:\folder\tempN5L17ZO1LT.ftp ftp://ftp.domain.com")

I'm rather unfamiliar with WScript.Shell. I'm not sure where the permission problem is. Is it when trying to run ftp.exe itself? I'm not sure how this statement works, for example how does it know where to find ftp.exe?
0
bbdesign
Asked:
bbdesign
  • 3
1 Solution
 
kevp75Commented:
it's because essentially you are logging into the servers shell as the IUSR_machinename account (which is the anon, IIS user), and by defautl this user has barely any permissions.  In order for this to work for you, you would have to give that user Execute permissions on the ftp.exe file (which generally is not a very good idea to do...)
0
 
bbdesignAuthor Commented:
OK, so if I need to do FTP transactions within ASP, it may be a better idea to install an FTP component program instead of trying to give permissions to FTP.EXE to the anon. user account? I thought it would be nice if I didn't have to install a component to accomplish what I'm trying to do, but I don't want to screw up security either. Thanks!
0
 
Ted BouskillSenior Software DeveloperCommented:
The Windows FTP service (or any FTP service) is the least secure service available.  Generally when a Windows server is hacked, FTP is the weak link.  If you search there are articles for doing uploads/downloads directly in ASP code without FTP.
0
 
bbdesignAuthor Commented:
OK, here is what I'm trying to do, and maybe this isn't the best way, but its all I could figure out for now. I would love to hear any better suggestions.

Files sit in a wwwroot directory and do not have write permissions. There is an FTP account with access to the site, however.

Client logs in to an admin interface, I want them to be able to edit the text files in a browser.

I created a folder outside the wwwroot directory that does have write permissions, but is otherwise inaccessible from browsers (for security).

My idea was to FTP a temporary version of the file into the write permissions folder, do all editing there, then when a "publish" button is clicked, FTP the file back into the wwwroot directory.

I'm basically trying to get around the fact that there are no write permissions on the files, and use the FTP permissions that already exist, instead.
0
 
bbdesignAuthor Commented:
Sorry this took so long, thanks for the advice. I decided to install an FTP component instead of using the Windows FTP.exe, so I abandoned the Shell idea altogether. Seems to be working well now.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now