1. Everything is security issue. Having a box on internet is a chance of
that box being compromised.
2. Read access is just a read access and not write access. So it's not that
bad.
But that does not mean you can do anything you want on the box.
I do not see any reason for ASP.NET application too have read access to the
entire server. They (Developers) must specify specific actions/read
operations they need access for.
Then look into move their operations into some folder/subfolder and give
read access to it. Also might be wise to make sure that folder not in
c:\Inetpub folder so the whole internet did not have access to it...
George.
"Ryan Ritten" <sp*************@thesparticusarena.comwrote in message
news:2d**********************************@l76g2000 hse.googlegroups.com...
Hey all,
At the company I work for our team of ASP.NET developers have
requested that the aspnet_wp account (the account that IIS runs under)
needs to have full read access to the entire server for thier
application to work. This server is not behind a firewall, so is open
to the world.
I've told them that this is a security issue. If that box gets
compromised, all the data on it will be able to be seen (which is a
bad thing).
They are trying to convince me that I am wrong and they full access to
the box is required.
Am I wrong to deny them?
Thanks,
Ryan Ritten
