Securing a HTTP PUT handler in IIS

Discussion in 'ASP .Net Security' started by Chris Hughes, Jan 23, 2004.

  1. Chris Hughes

    Chris Hughes Guest

    Can someone please advise whether it is possible for a HTTP handler
    (IHttpHandler) to consume HTTP PUTs without having to set both write
    and execute permission on the IIS virtual dir?

    I have an environment with files being uploaded to an IIS server via
    HTTP PUT. I have implemented a HTTP handler to consume the PUTs, to
    avoid disk I/O on the server, but this only works when both write and
    execute permission are granted on the IIS virtual dir. This raises
    serious security concerns.

    I suspect that the problem lies in the use of PUT instead of POST.
    Unfortunately, the choice of protocol is part of a legacy codebase,
    that I am unable to change.

    Please let me know if it is possible do this and, if so, what I am
    doing wrong.

    Many thanks,
    Chris Hughes
     
    Chris Hughes, Jan 23, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Earl Teigrob
    Replies:
    5
    Views:
    510
    Guy Lukes
    Mar 5, 2004
  2. Tod Birdsall
    Replies:
    2
    Views:
    472
    Juan T. Llibre
    Jan 28, 2005
  3. shruds
    Replies:
    1
    Views:
    893
    John C. Bollinger
    Jan 27, 2006
  4. Replies:
    1
    Views:
    733
    Damien
    Feb 22, 2007
  5. Replies:
    0
    Views:
    371
Loading...

Share This Page