Permissions on another server - ASP / Active Server Pages

middletree

I have two separate questions that are closely related enough that I am
going to package them here.

1. On an Intranet app which tracks tickets for the Tech Support department,
I have the word "Files" hyperlinked like this: <a href=\\serverna me\files\
target="_blank" > and it points to a server on the network where files
relating to tickets are located.
I'd like to be able to point that link directly to the folder, which has the
same number as that ticket. For example, if you're clicking the link from
the page for ticket 1000, your link would be to \\servername\fi les\1000.

The problem with working with the above is that in some cases, the folder
doesn't exist, and when you click it, it really hoses your browser. It
freezes up, often causing users to have to restart the browser. Is there a
way to check to see if the folder exists, so I can put in an If statement?
I found the property "FileExists " of the FileSystemObjec t, but it doesn't
seem to work. If there is a setting that will make it work, I'd appreciate
guidance finding that. Also, is this a potential security problem?

I should add that the server where the files are located is not the same
machine as the intranet server where this app resides, but is on the same
network.

2. Now this one is more complex. I want to make it where only people who
are in the Tech Support Dept have permissions to even get into the "files"
directory described above. Of course, this is a network admin issue, not
ASP. But, if I have named a particular person in another department to help
me on a ticket, I'd like to automatically give him permissions to get to
that directory. Not the "files" directory, but the ticket directory under
it. In the example above, if I am getting John the DBA's help for Ticket
1000, and I have marked him as helping me in my SQL Server database, then
he'd have access to the folder called 1000 inside the Files directory.

Is it even possible to use ASP code to set permissions like that?

Sep 27 '05 #1

Subscribe Reply

1386

Phill. W

"middletree " <mi********@ver ywarmmail.com> wrote in message
news:ex******** ******@TK2MSFTN GP10.phx.gbl...

1. On an Intranet app which tracks tickets for the Tech Support
department, I have the word "Files" hyperlinked like this:
<a href=\\serverna me\files\ target="_blank" >
and it points to a server on the network where files relating to
tickets are located.
First problem - getting ASP and, more importantly, the FSO to
be able to see anything /not/ stored on the same piece of tin.
Sadly, I've never had the need to do this - hopefully someone
else can fill this bit in.
I'd like to be able to point that link directly to the folder, which has
the same number as that ticket. For example, if you're clicking the
link from the page for ticket 1000, your link would be to
\\servername\fi les\1000.
Bad Idea. Once you put a link like that out in the open, it's /murder/
to try and secure it again. Have your ASP code produce a link to
[A.N.Other] ASP, passing the ticket number as a QueryString
parameter.
The problem with working with the above is that in some cases, the
folder doesn't exist, and when you click it, it really hoses your
browser.
There is an equivalent FolderExists() method but, again, I'm, not
sure you'll be able to use it "off" the box.
Also, is this a potential security problem?
Yes.
2. Now this one is more complex. I want to make it where only
people who are in the Tech Support Dept have permissions to even
get into the "files" directory described above.
This is where the A.N.Other ASP comes into its own.
It is given the ticket number and can, presumably, work out just
/who/ is trying to access it. The combination of these two determines
the output generated (i.e. a file listing or a [polite] "go away" message).
if I have named a particular person in another department to help
me on a ticket, I'd like to automatically give him permissions to get
to that directory.
Now that's a different challenge. How are you linking the two
(person and ticket) together?
if I am getting John the DBA's help for Ticket 1000, and I have
marked him as helping me in my SQL Server database,
Oops - missed that bit.
then he'd have access to the folder called 1000 inside the Files
directory.

So you have a database table somewhere that links people to
tickets. Your ASP would have to interrogate this, using the given
ticket number and current UserId (however you get hold of it).
If there's a "match", you can generate the file listing of that ticket's
directory. If not, out goes the [polite] "go away" message.

Again, the file listing generated by this should /not/ have links direct
to the target files, but to an ASP that will "serve" the file back to
the user when they click on the link. Again, if you give someone a
link to a file directly, it's much harded to take it away from them again,
later on.

HTH,
Phill W.

Sep 27 '05 #2

middletree

> This is where the A.N.Other ASP comes into its own.

Do you just mean another, separate ASP file to do the processing? Or is this
a name of a special component called A.N.Other? If so, I am unfamiliar with
it. Got a link?

So you have a database table somewhere that links people to
tickets. Your ASP would have to interrogate this, using the given
ticket number and current UserId (however you get hold of it).
If there's a "match", you can generate the file listing of that ticket's
directory. If not, out goes the [polite] "go away" message.

Yeah, I guess I could do that, but the boss is asking me to use ASP code to
allow permissions on the directory, when it otherwise would not allow them.
So this is really about asking how to use ASP to do the IT dept's job.

Sep 27 '05 #3

Phill. W

"middletree " <mi********@ver ywarmmail.com> wrote in message
news:Ox******** ******@TK2MSFTN GP10.phx.gbl...

This is where the A.N.Other ASP comes into its own.
Do you just mean another, separate ASP file to do the processing?

Yes; just a regular ASP, written to deal with this particular job.
No components required.
the boss is asking me
Oh dear ...
to use ASP code to allow permissions on the directory, when
it otherwise would not allow them.

IMHO, that's a seriously Bad Idea. In the first place, you'd have
to give your web site some pretty heavyweight permissions just to
be able to do this in the first place; consider the potential for
damage if your site were to be hacked...

Secondly, file system permissions only serve to make things more
complicated, espcially when they go wrong. Far better, IMO, to
have the [web] server deal with access control - which it can do
fairly /easily/ with the data you have to hand - rather than fiddling
around, adding and removing permissions (not the most "visible"
of commodities to start with) in the file system.

Regards,
Phill W.

Sep 28 '05 #4

middletree

>consider the potential for

damage if your site were to be hacked...

Well, this is Intranet.

Sep 28 '05 #5

Phill. W

"middletree " <mi********@ver ywarmmail.com> wrote in message
news:e1******** ******@TK2MSFTN GP15.phx.gbl...

consider the potential for damage if your site were to be hacked...

Well, this is Intranet.

Ah; In-House Users ...

/Of course/ you can trust them not to do silly things like, say,
deleting all of the files in a given ticket's directory while they're
"just looking at it" in Windows Explorer ... ;-)

Regards,
Phill W.

Sep 29 '05 #6

Similar topics

8015

PHP & NTFS Permissions

by: BingoHandJob | last post by:

Hello group! I'm having a problem and I hope some of you may be able to point me in the right direction. I inherited a web site using php, running on Windows 2000 & IIS. The site was developed by a consulting firm about a year before I came on board, the consultant has since gone out of business. Overall, I've never had a problem with the site and have been able to figure out nearly everything they configured on it.

PHP

2639

Permissions

by: Shelly | last post by:

I have a new server and I have my files up there. The files are in /var/www/html/. In this directory I have another directory that I created called "users". I am unable to figure out how to set permissions on this directory, and what those permissions should be. I am using ShieldHost. When there is a new user, and he enters his desired name and password, as part of the process I want to create a small directory tree under "users"...

PHP

2322

Re setting file permissions...

by: Fran Tirimo | last post by:

I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company 1&1 with only limited server configuration via a web based control panel. My query relates to the ASP security model and how it relates to FrontPage options for setting file access on a database file. If you know of any online documentation...

ASP / Active Server Pages

3929

ASP security model / file permissions to allow updating of a database

by: Fran Tirimo | last post by:

ASP / Active Server Pages

3067

How to Identify Permissions for SQL Server Tables & Stored Proc. via VB Code

by: Brad H McCollum | last post by:

I'm writing an application using VB 6.0 as the front-end GUI, and the MSDE version of SQL Server as the back-end (it's a program for a really small # of users --- less then 3-4). I'm trying to determine, through the Visual Basic interface, the permissions of each user that's using the application on his/her machine. For example, let's say I'm user "Michael" that's sitting down at my machine using the app. I've written. The security...

Microsoft SQL Server

4741

webservice permissions

by: Daniel Wilson | last post by:

I have a client who is trying to deploy a webservice I wrote. The web service reads a file on a file server and delivers information about it. The file needs to be inaccessible to the user of the webservice because it is intellectual property. This sounds easy. Just give the IUsr account on the web server, a 2003 server running IIS6, read rights to the files on the file server. Since no HTTP path will get to the file server, the user...

.NET Framework

1344

In-depth documenation on User Permissions, Group Permissions, ACLs, DCLs etc.

by: Curt K | last post by:

We run some web services (IIS 5 and IIS 6) that communicate to a COM out of process server, which in turn communicates to another out of process COM server (long story). We have had lots of permissions issues getting the web service to communicate to the COM object to the point that we use the "administrator" account (yes, I know this is really bad). We need to tidy this for security purposes and to run under Vista and properly set up...

ASP.NET

1836

Permissions to Sql2005 database from IIS

by: Nemisis | last post by:

Hi everyone, hope your all looking forward to xmas. I am setting up a Sql2005 database on a Windows Server, running Windows Server 2003. The database is going to be accessed via users using an ASP.Net website. My website is running the normal IUSR account. And users must login to the website, which uses Forms Authentication. I do not want to give users access directly to tables, so have created

ASP.NET

2432

Export from DB2 causes file to be created with permissions of 640

by: SysProg | last post by:

I need some help with a problem I've encountered. I am a zLinux, WAS, and DB2 noob so please bear with me. I am helping to support two WebSphere applications which utilize DB2 under zLinux. One application is for Europe and the other for the US. Each application has multiple WAS servers and HTTP servers backed by their own DB2 server. A script is run for each application that exports data from a z/OS-based DB2 database into a file on the...

DB2 Database

8466

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8384

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8901

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

6212

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5683

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4208

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4388

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2037

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

1791

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General