Around 75% of stats are made up on the spot
James
-----Original Message-----
From: LaBranche, Kevin [mailto:klabranche@c...]
Sent: 07 November 2002 14:51
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
For consideration (in addition to Paul's statement):
Up to 80% of hacks come from the inside...not outside.
-----Original Message-----
From: Paul Riley [mailto:rilez@t...]
Sent: Thursday, November 07, 2002 3:38 AM
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
Lol. Yes I know what you mean but I used to be the IT Manager at this
company (a little smaller than the one you're using by the sounds of things)
so I can do it myself. Anyway just thought people had better know the
dangers if they are creating web side pages that's all :)
-----Original Message-----
From: Harvey, James [mailto:James.Harvey@b...]
Sent: 07 November 2002 10:27
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
Don't get me wrong, I'd love to tie down the asp account and make it as
secure as possible however the team responsible to action these changes
can take some time. Time I don't have.
James
-----Original Message-----
From: Paul Riley [mailto:rilez@t...]
Sent: 07 November 2002 10:22
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
As is mine but the intranet server is accessible externally. (doubles as
a semi internet server ie serves one page - don't ask :))
-----Original Message-----
From: Harvey, James [mailto:James.Harvey@b...]
Sent: 07 November 2002 10:13
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
I agree but my development is for the intranet so external hacking is
never an issue.
James
-----Original Message-----
From: Paul Riley [mailto:rilez@t...]
Sent: 07 November 2002 10:11
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
That's a terrible way of doing things. That gives your asp account (and
in turn your web server) complete user privileges - that's an open door
to hackers. You should be creating a very locked down user account just
for the asp account - something that can maybe read but not delete files
and only then files in certain directories. If you don't you are really
putting the network at risk
-----Original Message-----
From: Harvey, James [mailto:James.Harvey@b...]
Sent: 07 November 2002 10:01
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
OK here's what I did last time.
-Open up IIS Manager
-INTERNET SERVICES MANAGER-
-DIRECTORY SECURITY
-ANONYMOUS ACCESS AND AUTHENTICATION CONTROL (EDIT)
-ANONYMOUS ACCESS (TICK)
-ACCOUNT USED FOR ANONYMOUS ACCESS (EDIT)
<enter domain\username & password>
Now open up web.config in your app and add the following line in between
the <system.web> element
<system.web>
  <identity impersonate="true" />
</system.web>
Now if you have enough permissions to perform a job such as read a
network file then so will your app.
James
-----Original Message-----
From: CMY [mailto:my62202@y...]
Sent: 07 November 2002 10:03
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
Wah, this looks complicated.
I'm blur and not sure what to do.
Btw, what is UNC path?
====================================
> I mean the problem you might be having could be related to the web
application user not having enough permission to read the file over the network.
ie a default installation will create a local user called IUSR_<pc name>
and this is the user that the web application runs under. So whenever a
resource is requested (be it local or on the network) this user needs to
have enough permissions to access it.
See http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307901
for help in accessing remote files, albeit this is for a remote MS Access Db.
James
-----Original Message-----
From: CMY [mailto:my62202@y...]
Sent: 07 November 2002 09:37
To: ASPX_Professional
Subject: [aspx_professional] RE: Read the contents of a file
Hi,
I don't really understand what you mean by security issue. Can you elaborate?
Actually the problem that I encountered was:
Before I deployed my application, I tried to use stream reader to read the
file located at my own PC. And this works fine.
Then I tried to deploy my application to the server and test the stream
reader. After I deployed and ran the production version, my stream reader
doesn't even work even though the file that I tried to read is located at
my own PC.
I tried again and copied the file to another network drive and mapped to
that drive from Windows Explorer. Again, I'm not able to read the file.
If there's a common directory that stores a certain type of files and I
need to read the content of a file from that directory, what should I do
if I want to read the content of that file of that particular directory?
Is it that the problem doesn't lie with the stream reader but with the mapping of
location to that directory and security?
Pls help. Thanks.
====================================
> Are you sure it's not a security issue? Are you using impersonation now
you're dealing with network drives?
James
-----Original Message-----
From: CMY [mailto:my62202@y...]
Sent: 07 November 2002 08:35
To: ASPX_Professional
Subject: [aspx_professional] Read the contents of a file
Hi,
I'm using a stream reader to read the content of a file and display the
content on a multiline textbox.
It works fine if the file that I tried to read is located at my local PC
directory.
But when I mapped to another network drive and tried to read the content
of a file located at the mapped drive, this stream reader is not
working.
I have an error message saying that file is not found.
This is my code :
Imports System.IO

Sub read_file()
    Dim srReadfile As StreamReader
    srReadfile = New StreamReader("z:\test\testfile.txt")
    txtDisplayContent.Text = srReadfile.ReadToEnd()
    srReadfile.Close()
End Sub
P/S : z:\test\ is the directory that I mapped.
Is there a better approach to read the content instead of using stream
reader ?
Pls help. Thanks.
---
Change your mail options at http://p2p.wrox.com/manager.asp or
to unsubscribe send a blank email to leave-aspx_professional-1629744L@p...rox.com.
**********************************************************************
This electronic mail message, including any attachments, is a
confidential communication exclusively between Babcock International BES
Division and the intended recipient(s) indicated as the addressee(s).
It contains information which is private and may be proprietary or
covered by legal professional privilege.
If you receive this message in any form and you are not the intended
recipient you must not review, use, disclose or disseminate it.
We would be grateful if you could contact the sender upon receipt and in
any event you should destroy this message without delay.
Anything contained in this message that is not connected with the
business of Babcock International BES Division is neither endorsed by
nor is the liability of this company.
Babcock International BES Division
Telephone: +44 (0) 1383 412131
Website: www.babcockbes.co.uk
**********************************************************************
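
An added example, not code from anyone in the thread: the read from the original question done through a UNC path instead of a mapped drive letter, limited to one directory as the reply about locking down the account suggests, and reporting which account the read actually ran as. The share `\\fileserver\share\reports\` and the names `SharedFileReader` and `ReadSharedFile` are assumptions made for illustration.

```vb
Imports System
Imports System.IO
Imports System.Security.Principal

' Added example, not code from the thread. The share path is hypothetical.
Public Module SharedFileReader

    ' A drive letter such as Z: belongs to the logon session that mapped it, so
    ' the account serving the web request does not have it. A UNC path
    ' (\\server\share\folder) does not depend on anyone's drive mappings.
    Private Const AllowedRoot As String = "\\fileserver\share\reports\"

    Public Function ReadSharedFile(ByVal fileName As String) As String
        If String.IsNullOrEmpty(fileName) Then
            Throw New ArgumentException("A file name is required.")
        End If

        ' Resolve the final path and refuse anything outside the one directory
        ' the application is meant to read (for example "..\other\file.txt").
        Dim fullPath As String = Path.GetFullPath(Path.Combine(AllowedRoot, fileName))
        If Not fullPath.StartsWith(AllowedRoot, StringComparison.OrdinalIgnoreCase) Then
            Throw New ArgumentException("Path is outside the permitted directory.")
        End If

        ' The identity that is checked against the share and NTFS ACLs:
        ' the impersonated account when <identity impersonate="true" /> is set,
        ' otherwise the worker process account.
        Dim account As String = WindowsIdentity.GetCurrent().Name

        Try
            Using reader As New StreamReader(fullPath)
                Return reader.ReadToEnd()
            End Using
        Catch ex As UnauthorizedAccessException
            ' Permission problem: grant this account read access, nothing more.
            Throw New UnauthorizedAccessException( _
                account & " has no read access to " & fullPath, ex)
        Catch ex As IOException
            ' Missing file or folder, unreachable server, or a failed network logon.
            Throw New IOException( _
                account & " could not open " & fullPath & ": " & ex.Message, ex)
        End Try
    End Function

End Module
```

The account name in the exception text is meant for the server log, where it shows which user needs read permission on the share; it should not be echoed to the page.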