ASP security model / file permissions to allow updating of a database

I am developing a small website using ASP scripts to format data retrieved
from an Access database. It will run on a Windows 2003 server supporting
FrontPage extensions 2002 hosted by the company 1&1 with only limited server
configuration via a web based control panel.

My query relates to the ASP security model and how it relates to FrontPage
options for setting file access on a database file. If you know of any
online documentation covering the following issues I would be grateful for
links to it.

For various reasons (session logging, synchronising data with a master
database etc) I need to be able to write data to the database file.
Essentially the problem is this: how do I make this possible without giving
public access to the database file?

The 1&1 control panel allows me to set Read/Write/Execute/Delete permissions
for "IUSR" (I assume to mean anonymous unauthenticated users) and "NETWORK"
users (I am not sure what this refers to yet).

So far the only way I have managed to write to the database file from an ASP
script is by using the control panel to set the following IUSR permissions
on the database file:

Read = true (cannot alter this)
Write = true
Execute = true
Delete = false

I understand that when an ASP script executes, it takes on a "security
context" corresponding to the user requesting the page. In my case, when an
anonymous user makes a request that needs to be logged to the database for
example, the script that performs the logging has anonymous user
privileges. Therefore for the write to the database to be successful, IUSR
write permissions must be allowed.

Of course, these permission settings have some undesirable side effects:

1 - With "Read = true" on the database file for anonymous users means
that anyone can download the database file.
2 - With "Write = true" anonymous users could in theory directly alter
the database file e.g. using telnet or some similar method.

I am not sure if this second point is true...
- What exactly do anonymous write permissions on a file/directory allow
to occur?
- I am not yet sure if the server is set up to ONLY accept HTTP GET and
POST commands from anonymous users but have contacted the hosting company
about this.

I may have found a solution to the above issues. As I am using FrontPage to
publish the site I may be able to take advantage of FP's file permission
settings by disallowing browsing by anonymous users for the directory
containing the database file.

What I need to know is whether my suggested solution to the problem really
prevents anonymous users from downloading/modifying my database file and how
would I test this?

I assume that I still have to allow IUSR read/write access to the database
file, given the ASP security issues mentioned above. (Are FP permissions
considered by the web server instead of or in conjunction with Windows file
permissions when deciding if access to a resource is to be allowed?)

To check my understanding of FP folder permissions...

- Allow files to be browsed - does this prevent downloading of files in
the folder as well as preventing folder contents from being viewed from ANY
HTTP client?
- Allow scripts to be run - does this refer to anonymous users being
allowed to view pages generated by scripts within the folder? Or does it
refer to scripts in other folders accessing files/data in the said folder?
- Allow programs to be run - this is probably not relevant to me and I
should probably disallow this option.

Also, I have read that you can create a "hidden" folder in FP just by giving
it a name beginning with an underscore. Would such a folder allow a script
to access/write to a database file? My tests seem to show that the _private
directory created by default in new FP webs does NOT allow scripts to write
to files.

Finally, is there any way within an ASP script to assume a more privileged
security context? For example, would using Server.Execute to call another
script containing the code to modify the database use a more privileged
security context?

Thanks for your help

Francesco Tirimo
fw***@gmx.co.uk
Jul 19 '05 #1
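One way to test the first concern raised above, whether the database file can still be fetched by an anonymous HTTP client after browsing is disallowed for its folder, is to request it over plain HTTP and check whether what comes back is an Access file. This is an added example, not code from the thread; the site URL, folder and file name are placeholders to replace with your own.

```python
"""Self-check: can an anonymous HTTP client download the Access database file?
Added example for the thread above; the URL below is a placeholder."""
import urllib.request
import urllib.error

# Jet (.mdb) and ACE (.accdb) database files carry this text at byte offset 4.
ACCESS_SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")


def looks_like_access_db(body: bytes) -> bool:
    """True if the response body starts the way an Access database file does."""
    return len(body) >= 19 and body[4:19] in ACCESS_SIGNATURES


def classify(status: int, body: bytes) -> str:
    """Turn one probe result (HTTP status, first bytes of body) into a verdict."""
    if status == 200 and looks_like_access_db(body):
        return "EXPOSED: the database file is downloadable anonymously"
    if status == 200:
        return "UNEXPECTED: 200 but body is not an Access file (check what was served)"
    if status in (401, 403):
        return "DENIED: server refused anonymous access"
    if status == 404:
        return "NOT FOUND: nothing served at this path (file may still exist on disk)"
    return f"OTHER: HTTP {status}"


def probe(url: str) -> str:
    """Fetch the URL with no credentials, as an anonymous visitor would."""
    req = urllib.request.Request(url, headers={"User-Agent": "db-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read(64))  # only the header bytes are needed
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read(64))


if __name__ == "__main__":
    # Placeholder: your own site and the path your scripts open the database from.
    print(probe("http://www.example.com/_private/site.mdb"))
```

Run it against the same path the ASP scripts use for the database; a "DENIED" or "NOT FOUND" verdict for the anonymous fetch while the scripts still write successfully is the result the post is after.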
2 Replies


Maybe I'm totally missing the point here (it is quite a long post to read),
but why would you allow direct file access to your database in the first
place?
I can only sense trouble from allowing this.

I'm assuming you are using an Access DB here, but depending on how much you
want to be changing in that database, and what data is stored I would
consider writing a number of ASP pages that can be used by privileged
users to make changes to the database.
If you want people to simply add/delete data to the DB, this is definitely
the way to go. If you are talking about DB model changes, that's something
else.

"Fran Tirimo" <fw***@gmx.co.uk> wrote in message
news:OP**************@TK2MSFTNGP12.phx.gbl...
Jul 19 '05 #2

Please do not multipost Fran. This is definitely a database-related question
so .asp.db was the perfect group in which to post it. Posting it here as
well did not increase your chances of getting an answer (most of us
subscribe to both groups). On the contrary, if somebody had taken his time
to answer it here, only to find that it was already resolved in the other
group, that person may have been annoyed enough to ignore any future posts
from you, thereby decreasing your chances of getting help in the future.

There are times when you will not be sure which group is most appropriate,
and you will want to post a question to both groups. In that situation, you
should use the cross-posting technique, rather than posting the same message
multiple times. To crosspost, put a semicolon-delimited* list of the
newsgroups to which you wish to post in the To: header of your post and post
it once. It, and any replies to it, will appear in all the newsgroups in
your list. So, if I reply in .asp.db, my reply will also appear here in
.asp.general.

* ... or whatever delimiter is recognized by your news client

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #3
