tobzzz
asked on
Security first, creating & deleting files on server *without* 777 permissions in classic ASP
Attached is code I use in my sites for creating, updating and deleting a file/folder. I need to know how I can run these scripts to a folder on a server (shared server, I cannot mod server settings) without having 777 as my folder/file permissions. The host is The Rackspace Cloud (formerly Mosso) if that helps. Details of hybrid servers then run etc can be found at:
http://www.rackspacecloud.com/cloud_hosting_products/sites/technology
Can anyone tell me what permission to use that will be secure to hacks/injection but run all this code please? I need the websites to be fully viewable by website visitors. These scripts will only be ran by admins logged in to a secure backend.
Thanks!
http://www.rackspacecloud.com/cloud_hosting_products/sites/technology
Can anyone tell me what permission to use that will be secure to hacks/injection but run all this code please? I need the websites to be fully viewable by website visitors. These scripts will only be ran by admins logged in to a secure backend.
Thanks!
' Create a folder example
Set fso = CreateObject("Scripting.FileSystemObject")
fso.CreateFolder(Application("ServerRoot") & "myNewFolder")
Set fso = Nothing
' Modify a file
Const ForReading = 1 : Const ForWriting = 2
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(Application("ServerRoot") & "myNewFolder\index.asp", ForReading)
strText = objFile.ReadAll
objFile.Close
strNewText = Replace(strText, "ReplaceThisLine","WithThis")
Set objFile = objFSO.OpenTextFile(Application("ServerRoot") & "myNewFolder\index.asp", ForWriting)
objFile.WriteLine strNewText
objFile.Close
Set objFSO = Nothing
' Delete a file
Set fso = CreateObject("Scripting.FileSystemObject")
fso.DeleteFile(Application("ServerRoot") & "myNewFolder/index.asp")
Set fso = Nothing
' Copy a file
Set f2 = fso.GetFile(Application("ServerRoot") & "myNewFolder\pageTemplate.asp")
f2.Copy (Application("ServerRoot") & "myNewFolder\index.asp")
Set f2 = nothing
Set fso = nothing
ASKER
thanks rdivilbiss but 744 just doesn't allow me to run my code. "Permission denied" errors. I believe this is because anyone running scripts is set as user = "PCUSER", whereas when I upload files via FTP, the user = "MYNAME". The hosting company is saying "absolutely do not use 777 under any circumstances" but I cannot run any of my code/sites without that! What can I do?
ASKER
I believe my hosting co. have Perists ASPupload, could I use impersonation to do it? How would I apply this to my code if so? Is there any other way?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For reference, in case you need to try other permissions see: http://www.zzee.com/solutions/unix-permissions.shtml
Regards,
Rod