write permissions and security

Discussion in 'ASP General' started by mark | r, Sep 6, 2004.

  1. mark | r

    mark | r Guest

    we're working on a cms system that allows the admin to upload files to the
    server - the host (supplied by the client) says that opening write
    permissions means that windows is open to exploits.

    we're using FSO to move the file

    anyone know a way of locking down this so its not 'open to exploits' ?

    thanks

    mark
     
    mark | r, Sep 6, 2004
    #1
    1. Advertising

  2. mark | r

    Jeff Cochran Guest

    On Mon, 6 Sep 2004 13:21:41 +0100, "mark | r" <>
    wrote:

    >we're working on a cms system that allows the admin to upload files to the
    >server - the host (supplied by the client) says that opening write
    >permissions means that windows is open to exploits.
    >
    >we're using FSO to move the file
    >
    >anyone know a way of locking down this so its not 'open to exploits' ?


    You can either deny writes and be safer or allow them and be less
    safe. In your case, you have to sacrifice one element of security in
    order to provide functionality, but that's what all security decisions
    entail. Some might argue that the primary cause of all exploits is
    having a computer. At least until your toaster gets hacked and used
    for serving WaReZ bagels...

    Jeff
     
    Jeff Cochran, Sep 6, 2004
    #2
    1. Advertising

  3. mark | r

    Roland Hall Guest

    "mark | r" wrote in message
    news:413c565a$0$8470$...
    : we're working on a cms system that allows the admin to upload files to the
    : server - the host (supplied by the client) says that opening write
    : permissions means that windows is open to exploits.
    :
    : we're using FSO to move the file
    :
    : anyone know a way of locking down this so its not 'open to exploits' ?

    Hi Mark...

    This does not have to be a security issue. Opening write permissions to a
    data repository that then gets processed by the server to move the files
    where they need to be can be quite secure. You can put as many layers of
    security on this as you need. You could define a VPN between you, with SSL
    connectivity, logon with name/password, MD5 checksum, acceptance of only
    specific IPs in your tunnel, call back, etc.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Sep 6, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott Allen
    Replies:
    0
    Views:
    440
    Scott Allen
    Jul 13, 2004
  2. Ed Sutton
    Replies:
    4
    Views:
    368
    Laurent Bugnion
    Oct 3, 2006
  3. Curt K
    Replies:
    0
    Views:
    566
    Curt K
    Nov 3, 2006
  4. Suneel Jhangiani

    Role based Security and Permissions

    Suneel Jhangiani, Jun 3, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    129
    Suneel Jhangiani
    Jun 3, 2004
  5. Leyla
    Replies:
    2
    Views:
    691
    Leyla
    Aug 17, 2006
Loading...

Share This Page