write permissions and security

M

mark | r

we're working on a cms system that allows the admin to upload files to the
server - the host (supplied by the client) says that opening write
permissions means that windows is open to exploits.

we're using FSO to move the file

anyone know a way of locking down this so its not 'open to exploits' ?

thanks

mark
 
J

Jeff Cochran

we're working on a cms system that allows the admin to upload files to the
server - the host (supplied by the client) says that opening write
permissions means that windows is open to exploits.

we're using FSO to move the file

anyone know a way of locking down this so its not 'open to exploits' ?
Click to expand...

You can either deny writes and be safer or allow them and be less
safe. In your case, you have to sacrifice one element of security in
order to provide functionality, but that's what all security decisions
entail. Some might argue that the primary cause of all exploits is
having a computer. At least until your toaster gets hacked and used
for serving WaReZ bagels...

Jeff
 
R

Roland Hall

in message
: we're working on a cms system that allows the admin to upload files to the
: server - the host (supplied by the client) says that opening write
: permissions means that windows is open to exploits.
:
: we're using FSO to move the file
:
: anyone know a way of locking down this so its not 'open to exploits' ?

Hi Mark...

This does not have to be a security issue. Opening write permissions to a
data repository that then gets processed by the server to move the files
where they need to be can be quite secure. You can put as many layers of
security on this as you need. You could define a VPN between you, with SSL
connectivity, logon with name/password, MD5 checksum, acceptance of only
specific IPs in your tunnel, call back, etc.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Worker Process Write Permissions 2
Excel Interop & IIS: Permissions Issue: PlugPlayManager Security Failure 5
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
IIS5 and permissions 9
Permissions on another server 5
Folder permissions 7
User Security (Roles & Permissions) 0
Permissions on new Text File - IIS6 and Windows authentication. 1

Members online

No members online now.
Total: 37 (members: 0, guests: 37)
Robots: 442

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,048
Latest member
verona

Latest Threads

Top