473,385 Members | 2,015 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > write permissions and security

Join Bytes to post your question to a community of 473,385 software developers and data experts.

write permissions and security

we're working on a cms system that allows the admin to upload files to the
server - the host (supplied by the client) says that opening write
permissions means that windows is open to exploits.

we're using FSO to move the file

anyone know a way of locking down this so its not 'open to exploits' ?

thanks

mark
Jul 19 '05 #1
2 1326
On Mon, 6 Sep 2004 13:21:41 +0100, "mark | r" <ma******@gmail.com>
wrote:
we're working on a cms system that allows the admin to upload files to the
server - the host (supplied by the client) says that opening write
permissions means that windows is open to exploits.

we're using FSO to move the file

anyone know a way of locking down this so its not 'open to exploits' ?


You can either deny writes and be safer or allow them and be less
safe. In your case, you have to sacrifice one element of security in
order to provide functionality, but that's what all security decisions
entail. Some might argue that the primary cause of all exploits is
having a computer. At least until your toaster gets hacked and used
for serving WaReZ bagels...

Jeff
Jul 19 '05 #2
"mark | r" wrote in message
news:41**********************@news.dial.pipex.com. ..
: we're working on a cms system that allows the admin to upload files to the
: server - the host (supplied by the client) says that opening write
: permissions means that windows is open to exploits.
:
: we're using FSO to move the file
:
: anyone know a way of locking down this so its not 'open to exploits' ?

Hi Mark...

This does not have to be a security issue. Opening write permissions to a
data repository that then gets processed by the server to move the files
where they need to be can be quite secure. You can put as many layers of
security on this as you need. You could define a VPN between you, with SSL
connectivity, logon with name/password, MD5 checksum, acceptance of only
specific IPs in your tunnel, call back, etc.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 19 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
How to Identify Permissions for SQL Server Tables & Stored Proc. via VB Code
by: Brad H McCollum | last post by:
I'm writing an application using VB 6.0 as the front-end GUI, and the MSDE version of SQL Server as the back-end (it's a program for a really small # of users --- less then 3-4). I'm trying to...
Microsoft SQL Server
5
I can't write data to an access database in a webfolder of a windows Prof 2000 machine??
by: Norman Fritag | last post by:
Hi there, The Problem: I can't write data to an access database in a webfolder of a windows Prof 2000 machine, whereas the same web application runs fine under Windows XP. I looked into the...
.NET Framework
0
cannot write a file to disk!
by: chipotle_pickle | last post by:
You're letting a lot of bad links creep onto that page. Do a Google search for "genesis world energy". The second item found is a broken link to the newsroom. (The third item found explains how the...
ASP.NET
0
Have asp.net-hosted WinControl write to client's file.
by: Mark | last post by:
Hello, I know that you can host a WinControl in ASP.Net. If I want my Windows User Control to be able to write to the client's file system (or access a database, or any other secure action), how...
ASP.NET
2
Worker Process Write Permissions
by: Carl Gilbert | last post by:
Hi I am trying to get an online gallery (www.ngallery.org - open source) to upload image to a folder. At the moment I am using localhost but plan to move to some web space when I get it all...
ASP.NET
6
Cannot write text to the file located in IIS' wwwroot directory!
by: sambuela | last post by:
How can I write message to the file located in the wwwroot directory? It seems that IIS protect these files. Let make me cannot do the I/O writing sucessfully. I try to open file's write...
Visual Basic .NET
7
Unable to write to registry
by: Vernon Peppers | last post by:
I am a newbie with .NET, trying to step up from VB6. I have a need to write to and read from the registry. Config files will not be acceptable due to their lack of security. The registry entry...
Visual Basic .NET
1
Check for "Write Access" on a file/folder in .NET
by: =?Utf-8?B?R2FuZXNoIE11dGh1dmVsdQ==?= | last post by:
Hello All, Our application write logs to a file in a folder. Before our application starts writing to that file, I want to check if the current user has write access to that file, for example,...
.NET Framework
8
FileIO Exception and permissions
by: jporter188 | last post by:
Hello, I am working on a project to manipulate XML files. All of the files, the code, and the output are on network drives. When I run my program I get an exception (see below). I tried giving...
C# / C Sharp
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!