Hi,
This is maybe not a pure ASP question, but has some relation:
Please help me throw some light on this:
Which directories and files are visible and readable for a (hacking) user at a
Website:
a) directories in the default website (obviously: YES)
b) .asp-files in the default Website
c) .asp-files in any diretory outside the default Website
d) virtual directories, with files, referred to in the Website
e) any virtual directory, with files, set up in IIS
f) any other directory and file on the server computer that you know the local
physical path to
g) any other directory and file on the server computer that you know a valid
URL to
any comment is appreciated, thanks
Larry
5  1929 
A) yes, but listing the contents is a switch you can turn on/off.
B) yes by default BUT you can turn this off.
C) no, unless you've specified it as another site.
D) yes, depending on the file type though it may not be.
E) see D
F) not usually if the system is patched/up to date.
G) yes usually, see D though.
--
----------------------------------------------------------
Curt Christianson (Software_AT_Da rkfalz.Com)
Owner/Lead Designer, DF-Software http://www.Darkfalz.com
---------------------------------------------------------
...Offering free scripts & code snippits for everyone...
---------------------------------------------------------
"LarryM" <lm****@telia.c om> wrote in message
news:en******** *************** *********@4ax.c om... Hi,
This is maybe not a pure ASP question, but has some relation:
Please help me throw some light on this:
Which directories and files are visible and readable for a (hacking) user
at a Website:
a) directories in the default website (obviously: YES)
b) .asp-files in the default Website
c) .asp-files in any diretory outside the default Website
d) virtual directories, with files, referred to in the Website
e) any virtual directory, with files, set up in IIS
f) any other directory and file on the server computer that you know the
local physical path to
g) any other directory and file on the server computer that you know a
valid URL to
any comment is appreciated, thanks
Larry
On Mon, 4 Aug 2003 17:56:21 -0500, "Curt_C [MVP]" <Software_AT_Da rkfalz.com>
wrote: A) yes, but listing the contents is a switch you can turn on/off.
B) yes by default BUT you can turn this off.
C) no, unless you've specified it as another site.
D) yes, depending on the file type though it may not be.
E) see D
F) not usually if the system is patched/up to date.
G) yes usually, see D though.
Thanks Curt C!!
I guess the subject is to large to handle in a thread...
You don't happen to know a good book where I can dig deeper into all the
details??
BTW, how do you turn the .asp-files to be not visible?
/Larry
"LarryM" <lm****@telia.c om> wrote in message
news:kc******** *************** *********@4ax.c om... On Mon, 4 Aug 2003 17:56:21 -0500, "Curt_C [MVP]"
<Software_AT_Da rkfalz.com> wrote:
A) yes, but listing the contents is a switch you can turn on/off.
B) yes by default BUT you can turn this off.
C) no, unless you've specified it as another site.
D) yes, depending on the file type though it may not be.
E) see D
F) not usually if the system is patched/up to date.
G) yes usually, see D though.
Thanks Curt C!!
I guess the subject is to large to handle in a thread...
You don't happen to know a good book where I can dig deeper into all the
details??
BTW, how do you turn the .asp-files to be not visible?
..asp files is not visible just the HTML output (eg "Response.Write "). ASP
Files, by default (etc.) are processed by the server first after each
request. (Unless using FTP rather than HTTP)
Don
/Larry
simply disassociate them with the ASP.DLL in the IIS manager.
--
----------------------------------------------------------
Curt Christianson (Software_AT_Da rkfalz.Com)
Owner/Lead Designer, DF-Software http://www.Darkfalz.com
---------------------------------------------------------
...Offering free scripts & code snippits for everyone...
---------------------------------------------------------
"LarryM" <lm****@telia.c om> wrote in message
news:kc******** *************** *********@4ax.c om... On Mon, 4 Aug 2003 17:56:21 -0500, "Curt_C [MVP]"
<Software_AT_Da rkfalz.com> wrote:
A) yes, but listing the contents is a switch you can turn on/off.
B) yes by default BUT you can turn this off.
C) no, unless you've specified it as another site.
D) yes, depending on the file type though it may not be.
E) see D
F) not usually if the system is patched/up to date.
G) yes usually, see D though.
Thanks Curt C!!
I guess the subject is to large to handle in a thread...
You don't happen to know a good book where I can dig deeper into all the
details??
BTW, how do you turn the .asp-files to be not visible?
/Larry
Thanks guys for all your comments and tips,
I feel a bit … humble about the security issues,
there is obviously a lot to deal with..
/Larry
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: John |
last post by:
Hello.
If I wanted to make a website of sound files that are playable within
the actual webpage, but people visiting the site can't save, or see
the filenames so they can download from the site, is this possible?
What would be the best format to save the sound clips in? I would
need something that doesn't take up too much space but is good
quality.
|
by: Steevo |
last post by:
I am hoping to run a small website from a server in my house. Many people
have suggested I use Apache web server and pointed me to:
http://www.apache.org/dist/httpd/binaries/win32/
to download the installer. There are so many different files here I am
totally unsure which one(s) I need in order to host my website.
All help would be appreciated
|
by: Jim in Arizona |
last post by:
Is it possible to copy a file from one location to the desktop of the
user on the local lan? The webserver is IIS6, and all users are active
directory accounts. I realize that its a security risk to do such
things, but it would be ok in our given environment. I can't think of a
simple way to do it.
I was thinking of something similar to this:
Protected Sub btnPlaceIcon_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles...
|
by: Hans Kesting |
last post by:
Hi,
In our ASP.Net webapplications, we use xslt a lot. For 1.1 developing was
"easy":
start up the website and go to the page where the xslt was used. Change the
xslt
(save it) and refresh the page: the new results are visible.
Now we are transferring to 2.0 and XslCompiledTransform. The xslt's still
work
|
by: schneider |
last post by:
Hi all,
I want to publish my asp.net 2.0 website using the "publish website"
feature of visual studio 2005. everything works fine so far, but the
IDE only compiles and copies the aspx, ascx, resources etc. files to
the destination directory. It does actually not copy .txt, .htm or
graphics files. MSDN says these files should be copied during the
publishing task, but they are definitely not copied. Neither does it
offer any...
| | |
by: tkpmep |
last post by:
I'd like to download data from the website
http://www.russell.com/Indexes/performance/daily_values_US.asp. On
this web page, there are links to a number of .csv files, and I'd like
to download all of them automatically each day. The file names are not
visible on the page, but if I click on a link, a csv file opens in
Excel. I've searched this group and looked into urllib, but have not
found functions or code snippets that will allow me to...
|
by: SergeiZ |
last post by:
Hi,
Could anyone tell me why "Publish Website" generates no files in PrecompiliedWeb folder? I use VS 2005 on Vista. I've tried GUI "Publish Website" as well as aspnet_compiler.exe utility w/o any success.
At first it was working fine. I created the website, built, published, uploaded the code to web hosting server. Then I've downloaded the published version b/c some changes were made to aspx files by other developer. After that I...
|
by: Tom |
last post by:
How do we get out of the browser infinite loop quicksand when we navigate
to web pages designed to lock us in and force us to hit the "pay me" button
(whatever they want to force you to do)?
These are just a sample of nasty quicksand web pages I've run into which
lock your browser into a loop and won't let you get out until you hit the
"install" or "run" or "OK" button... (whatever it is they want you to do).
http://www.spywareiso.com...
|
by: Claire |
last post by:
Ive written a small string resource building utility that I send out to our
translators. I have a setup project for each language we support, which
picks
out a group of 12 english resx files plus their paired "foreign" resx for
that language only and installs those resource files in a subdirectory
somewhere.
I'm trying to create a setup project in visual studio 2008. Ive got my
Application Folder set up with my executable. Im now...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
