p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

asp_components thread: IUSR permissions and security


Message #1 by "Geoff Hankerson" <ghank@m...> on Tue, 26 Mar 2002 11:02:16 -0600
This is a multi-part message in MIME format.

------=_NextPart_000_0032_01C1D4B5.B123FF60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I need to my Web application to write an xml file (really just a text 
file)  to be parsed and processed by a completely different system.

It appears the IUSR account needs to have at least write (and delete) 
permmissions in the director where the xml file is written if not full 
control.

Isn't this a security risk? If so how do I let my web application write 
a text file without opening myself up to security risks? Am I missing 
something here?


Message #2 by "Geoff Hankerson" <ghank@l...> on Tue, 26 Mar 2002 17:13:57
> This is a multi-part message in MIME format.

------=_NextPart_000_0032_01C1D4B5.B123FF60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I need to my Web application to write an xml file (really just a text 
file)  to be parsed and processed by a completely different system.

It appears the IUSR account needs to have at least write (and delete) 
permmissions in the director where the xml file is written if not full 
control.

Isn't this a security risk? If so how do I let my web application write 
a text file without opening myself up to security risks? Am I missing 
something here?


Message #3 by "Geoff Hankerson" <ghank@l...> on Tue, 26 Mar 2002 17:15:00
Sorry about sending in html format. I have changes my settings so it 
won't happen again
> This is a multi-part message in MIME format.

------=_NextPart_000_0032_01C1D4B5.B123FF60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I need to my Web application to write an xml file (really just a text 
file)  to be parsed and processed by a completely different system.

It appears the IUSR account needs to have at least write (and delete) 
permmissions in the director where the xml file is written if not full 
control.

Isn't this a security risk? If so how do I let my web application write 
a text file without opening myself up to security risks? Am I missing 
something here?

Message #4 by "Chris Tucker" <chris.tucker@c...> on Wed, 27 Mar 2002 17:51:10
You can do one of two things.
First, you can change the NT user for which anonymous access is given by 
selecting "Properties" for your application directory in IS then going to 
the "Directory Security" tab. By default, all anonymous requests will use 
the IUSR_<machine name> account.  You can create another account (either 
local or domain-wide) and use that instead of the default.  This will give 
you more security protection because no one on the outside will know the 
new account you used.

Second, you can create a COM component to create the XML file.  This 
component can be configured to run under a specific security context if is 
run under MTS/COM+.  If not, the component will run under the context of 
the anonymous user).

Hope this helps.

> This is a multi-part message in MIME format.

------=_NextPart_000_0032_01C1D4B5.B123FF60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I need to my Web application to write an xml file (really just a text 
file)  to be parsed and processed by a completely different system.

It appears the IUSR account needs to have at least write (and delete) 
permmissions in the director where the xml file is written if not full 
control.

Isn't this a security risk? If so how do I let my web application write 
a text file without opening myself up to security risks? Am I missing 
something here?



  Return to Index