|
 |
asptoday_discuss thread: Security Issue Question
Message #1 by "laeg byrne" <laeg_enterprises@y...> on Thu, 24 Jan 2002 13:02:07
|
|
Creating an intranet,
http://myserver/myintranetfolder/index.asp
In the course navigation through the site there is a page that
shows all subfolders in myintranetfolder. I need to set permissions
for certain users for certain folders that are rendered. How do I
do that.
I thought of simply assigning users with certain status
levels in a db and on that basis allowing them to read the folders
contents or not but that is fairly useless seeing as a user can
navigate via http to the folder and read it ie http://myserver
and browse through myintranet and its subfolders.
It would seem then that I need set overall permissions for this
folder, how would this be done?
Message #2 by "asame" <asame00@y...> on Thu, 24 Jan 2002 14:42:26 -0000
|
|
1. You should be able to place the folders outside the site and bring their
content in as conditional include files.
2. You could convert the folders to hidden types under a directory in
C:\Windows and use "filesystemobject.GetspecialFolder" to retrieve the
contents for users meeting the login criteria. NOTE: do not ruin your
Windows files.
3. Most Secure - Place them on a dedicated drive and use the Drive Object to
churn out info to properly authenticated users only.
There are a thousand and one other ways ...Good luck
----- Original Message -----
From: "laeg byrne" <laeg_enterprises@y...>
To: "ASPToday Discuss" <asptoday_discuss@p...>
Sent: Thursday, January 24, 2002 1:02 PM
Subject: [asptoday_discuss] Security Issue Question
>
> Creating an intranet,
>
> http://myserver/myintranetfolder/index.asp
>
> In the course navigation through the site there is a page that
> shows all subfolders in myintranetfolder. I need to set permissions
> for certain users for certain folders that are rendered. How do I
> do that.
>
> I thought of simply assigning users with certain status
> levels in a db and on that basis allowing them to read the folders
> contents or not but that is fairly useless seeing as a user can
> navigate via http to the folder and read it ie http://myserver
> and browse through myintranet and its subfolders.
>
> It would seem then that I need set overall permissions for this
> folder, how would this be done?
>
>
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Message #3 by "=?iso-8859-1?q?Laeg=20Ent.?=" <laeg_enterprises@y...> on Thu, 24 Jan 2002 15:52:13 +0000 (GMT)
|
|
Having applied solution 3 I wrote the following code
but it threw me a Object_not_a_collection error line 6
when I declared MyFileObject, Running IIS 5.0 on
Windows 2000 Server
<html>
<head>
<title>Drives</title></head>
<body>
<%
Set MyFileObject=Server.CreateObject
("Scripting.FileSystemObject")
FOR EACH thing in MyFileObject.Drives
%>
<br>Drive Letter: <%=thing.DriveLetter%>
<br>Drive Total : <%=thing.TotalSize%>
<br>Drive Available Space : <%=thing.AvailableSpace%>
<hr>
<%
NEXT
%>
</body></html>
--- asame <asame00@y...> wrote: > 1. You should
be able to place the folders outside
> the site and bring their
> content in as conditional include files.
> 2. You could convert the folders to hidden types
> under a directory in
> C:\Windows and use
> "filesystemobject.GetspecialFolder" to retrieve the
> contents for users meeting the login criteria. NOTE:
> do not ruin your
> Windows files.
> 3. Most Secure - Place them on a dedicated drive and
> use the Drive Object to
> churn out info to properly authenticated users only.
>
> There are a thousand and one other ways ...Good luck
>
> ----- Original Message -----
> From: "laeg byrne" <laeg_enterprises@y...>
> To: "ASPToday Discuss"
> <asptoday_discuss@p...>
> Sent: Thursday, January 24, 2002 1:02 PM
> Subject: [asptoday_discuss] Security Issue Question
>
>
> >
> > Creating an intranet,
> >
> > http://myserver/myintranetfolder/index.asp
> >
> > In the course navigation through the site there is
> a page that
> > shows all subfolders in myintranetfolder. I need
> to set permissions
> > for certain users for certain folders that are
> rendered. How do I
> > do that.
> >
> > I thought of simply assigning users with certain
> status
> > levels in a db and on that basis allowing them to
> read the folders
> > contents or not but that is fairly useless seeing
> as a user can
> > navigate via http to the folder and read it ie
> http://myserver
> > and browse through myintranet and its subfolders.
> >
> > It would seem then that I need set overall
> permissions for this
> > folder, how would this be done?
> >
> >
>
>
>
>
_________________________________________________________
>
> Do You Yahoo!?
>
> Get your free @yahoo.com address at
> http://mail.yahoo.com
>
>
>
>
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
Message #4 by "asame" <asame00@y...> on Thu, 24 Jan 2002 18:01:24 -0000
|
|
You have no drive object! :) You'er begging and whipping the man
(MyFileObject) for what he can't give!
1. You should first create your FSO 2. Create the drive object
(theDriveObject) and assign FSO to some sweat work.
Dim theDriveObject, MyFileObject
Set MyFileObject=Server.CreateObject ("Scripting.FileSystemObject") 'Step 1
theDriveObject=MyFileObject.GetDrive("C:") 'Step 2 (replace "C:" with any
drive)
Now you can ask "theDriveObject" questions like <%Response.Write
theDriveObject.DriveLetter%> and so on.
Hope that helped.
PS the drive collection should be accessed using the drive index (Drives(2))
or by name (Drives("D")). It works exactly like the items property.
----- Original Message -----
From: "Laeg Ent." <laeg_enterprises@y...>
To: "ASPToday Discuss" <asptoday_discuss@p...>
Sent: Thursday, January 24, 2002 3:52 PM
Subject: [asptoday_discuss] Re: Security Issue Question
> Having applied solution 3 I wrote the following code
> but it threw me a Object_not_a_collection error line 6
>
> when I declared MyFileObject, Running IIS 5.0 on
> Windows 2000 Server
>
> <html>
> <head>
> <title>Drives</title></head>
> <body>
> <%
> Set MyFileObject=Server.CreateObject
> ("Scripting.FileSystemObject")
>
> FOR EACH thing in MyFileObject.Drives
> %>
>
> <br>Drive Letter: <%=thing.DriveLetter%>
> <br>Drive Total : <%=thing.TotalSize%>
> <br>Drive Available Space : <%=thing.AvailableSpace%>
> <hr>
> <%
> NEXT
> %>
> </body></html>
>
>
>
> --- asame <asame00@y...> wrote: > 1. You should
> be able to place the folders outside
> > the site and bring their
> > content in as conditional include files.
> > 2. You could convert the folders to hidden types
> > under a directory in
> > C:\Windows and use
> > "filesystemobject.GetspecialFolder" to retrieve the
> > contents for users meeting the login criteria. NOTE:
> > do not ruin your
> > Windows files.
> > 3. Most Secure - Place them on a dedicated drive and
> > use the Drive Object to
> > churn out info to properly authenticated users only.
> >
> > There are a thousand and one other ways ...Good luck
> >
> > ----- Original Message -----
> > From: "laeg byrne" <laeg_enterprises@y...>
> > To: "ASPToday Discuss"
> > <asptoday_discuss@p...>
> > Sent: Thursday, January 24, 2002 1:02 PM
> > Subject: [asptoday_discuss] Security Issue Question
> >
> >
> > >
> > > Creating an intranet,
> > >
> > > http://myserver/myintranetfolder/index.asp
> > >
> > > In the course navigation through the site there is
> > a page that
> > > shows all subfolders in myintranetfolder. I need
> > to set permissions
> > > for certain users for certain folders that are
> > rendered. How do I
> > > do that.
> > >
> > > I thought of simply assigning users with certain
> > status
> > > levels in a db and on that basis allowing them to
> > read the folders
> > > contents or not but that is fairly useless seeing
> > as a user can
> > > navigate via http to the folder and read it ie
> > http://myserver
> > > and browse through myintranet and its subfolders.
> > >
> > > It would seem then that I need set overall
> > permissions for this
> > > folder, how would this be done?
> > >
> > >
> >
> >
> >
> >
> _________________________________________________________
> >
> > Do You Yahoo!?
> >
> > Get your free @yahoo.com address at
> > http://mail.yahoo.com
> >
> >
> >
> >
>
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Message #5 by "Joe Hughes" <JoeHughes@M...> on Thu, 24 Jan 2002 18:28:14 -0000
|
|
Laeg,
The Drives code is fine; well I've just tested a similar thing on my machine
(IIS5, Win2K Pro)
If you look at the object structure of the FSO; Drives is a collection...
(http://www.sloppycode.net/fso/?m=58)
Try the code below;
The Code I used was;
-------------------------------------
<%
'included as removable drives
'throw errors if not ready
on error resume next
Dim Fso
Dim oDrive
Set Fso = Server.CreateObject("Scripting.FileSystemObject")
For each oDrive in Fso.Drives
Response.Write(oDrive.DriveLetter & "<BR>")
Response.Write(oDrive.TotalSize & "<BR>")
Response.Write(oDrive.AvailableSpace & "<BR>")
Response.Write("<HR>")
Next
%>
--------------------------------------
You can then drill down using "Set oDrive = Fso.GetDrive...."
Joe Hughes
-----Original Message-----
From: Laeg Ent. [mailto:laeg_enterprises@y...]
Sent: 24 January 2002 15:52
To: ASPToday Discuss
Subject: [asptoday_discuss] Re: Security Issue Question
Having applied solution 3 I wrote the following code
but it threw me a Object_not_a_collection error line 6
when I declared MyFileObject, Running IIS 5.0 on
Windows 2000 Server
<html>
<head>
<title>Drives</title></head>
<body>
<%
Set MyFileObject=Server.CreateObject
("Scripting.FileSystemObject")
FOR EACH thing in MyFileObject.Drives
%>
<br>Drive Letter: <%=thing.DriveLetter%>
<br>Drive Total : <%=thing.TotalSize%>
<br>Drive Available Space : <%=thing.AvailableSpace%>
<hr>
<%
NEXT
%>
</body></html>
--- asame <asame00@y...> wrote: > 1. You should
be able to place the folders outside
> the site and bring their
> content in as conditional include files.
> 2. You could convert the folders to hidden types
> under a directory in
> C:\Windows and use
> "filesystemobject.GetspecialFolder" to retrieve the
> contents for users meeting the login criteria. NOTE:
> do not ruin your
> Windows files.
> 3. Most Secure - Place them on a dedicated drive and
> use the Drive Object to
> churn out info to properly authenticated users only.
>
> There are a thousand and one other ways ...Good luck
>
> ----- Original Message -----
> From: "laeg byrne" <laeg_enterprises@y...>
> To: "ASPToday Discuss"
> <asptoday_discuss@p...>
> Sent: Thursday, January 24, 2002 1:02 PM
> Subject: [asptoday_discuss] Security Issue Question
>
>
> >
> > Creating an intranet,
> >
> > http://myserver/myintranetfolder/index.asp
> >
> > In the course navigation through the site there is
> a page that
> > shows all subfolders in myintranetfolder. I need
> to set permissions
> > for certain users for certain folders that are
> rendered. How do I
> > do that.
> >
> > I thought of simply assigning users with certain
> status
> > levels in a db and on that basis allowing them to
> read the folders
> > contents or not but that is fairly useless seeing
> as a user can
> > navigate via http to the folder and read it ie
> http://myserver
> > and browse through myintranet and its subfolders.
> >
> > It would seem then that I need set overall
> permissions for this
> > folder, how would this be done?
> >
> >
>
>
>
>
_________________________________________________________
>
> Do You Yahoo!?
>
> Get your free @yahoo.com address at
> http://mail.yahoo.com
>
>
>
>
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
|
|
|
View Cart
