Webserver Security - IIS 6 - Server 2003

Hello. We started doing web design and hosting about a year ago. I have a customer who wants to be able to access content directly to update text. A consultant found TDE Web Editior which allows a user to log in to a CMS type of backend (http://www.topdreamweaverextensions.com/website-editor).

Up until now, I have tried to keep our webserver very secure (as secure as it can be anyways). As for permissions on each site, view contents is it. But it looks like for this to work, I need to allow:
Read
Write
Execute Permissions - Scripts Only
And Browse Directory.
At least that's the only way we've gotten it to work so far.

Does this pose a security risk? Any experts care to comment?

Thank you!
dsmjeffAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dmarinenkoCommented:
Any time you open up permissions it creates some security risk.  security and functionality are kind of opposites.  Does the "CMS type of backend" allow https:// communication?  This would help if it does rather then run unencrypted.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dsmjeffAuthor Commented:
I don't know. I just sent them a email. But even if it does support HTTPS, that just encrypts the traffic in between, which is good.... but, will that open my server up to more vulnerabilities?

Thanks.
0
dmarinenkoCommented:
OF course, you now have another way for people to log in.  Is it going to be a specific vulnerability, probably not as long as you have a strong password.  The https:// is to block of someone retrieving the password.  The thing is if it is something you need then put it on, there is only so much you can do about security.  The most secure computer isn't connected to the internet at all, but yours is because of necessity.  I would put it on with a secure password and use https when communicating with it and you should be fine.
0
dsmjeffAuthor Commented:
They tell me it does support SSL. I'll try that and see.
 
Thanks.
0
dsmjeffAuthor Commented:
Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.