Discussion:
IIS write problem?
news.microsoft.com
2005-10-25 02:17:50 UTC
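In the default web site in IIS,
add a virtual directory test
with local path C:\test

(1)
The properties of this virtual directory in IIS
have six options:
1. Script source access
2. Read
3. Write
4. Directory browsing
5. Log visits
6. Index this resource
Check the third option, "Write"

(2)
In the security settings of the C:\test folder,
add the user IUSR_HoatName,
and "Write" can be checked there as well

May I ask everyone: between these two approaches,
what is the difference for the security of the application or the host?
Or in which situation should which approach be chosen?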
Thanks
Bernard Cheah [MVP]
2005-10-25 02:56:19 UTC
Well, it's always a bad idea to allow anonymous write access.
In this case, although you only allow 'write' to the 'test' virtual
directory, and it is generally assumed that this is safe, as the content
can't be written or executed in that folder, you may never know whether there
will be an exploit which might break that rule.
Hence, if you really need to enable write, I would at least configure
authentication and disable anonymous access. Users need to log in before being
able to write files (at least we are able to capture the username, etc.).
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
news.microsoft.com
2005-10-25 03:19:47 UTC
Thank you for your reply.

What is the difference between 'write from virtual directory' and 'write of
IUSR_HostName from the folder'?
Or is that the same?
Bernard Cheah [MVP]
2005-10-26 06:20:16 UTC
Sort of, as the virtual directory is actually mapped to a physical folder.
Hence, secure the NTFS permissions on the folder; you can't ACL a virtual
directory.
Also, grant minimum access, and if possible at file level.
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
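
One way to check the NTFS side described in the reply above, as an added example that is not part of the original thread: it lists every Allow entry on the physical folder that carries a write-capable right and flags the anonymous account. The function name `Get-WritableAce` and the `*\IUSR_*` match pattern are assumptions; `C:\test` is the path from the question.

```powershell
# Added example: audit which NTFS ACEs on the folder behind an IIS virtual
# directory allow writing. Function name and defaults are assumptions.
function Get-WritableAce {
    param(
        [string]$Path = 'C:\test',            # physical path from the thread
        [string]$AccountPattern = '*\IUSR_*'  # anonymous account, e.g. HOST\IUSR_HostName
    )

    $fsr = [System.Security.AccessControl.FileSystemRights]
    # Specific rights that let a caller create, change or remove content,
    # or rewrite the ACL itself.
    $writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor
                       $fsr::WriteAttributes -bor $fsr::WriteExtendedAttributes -bor
                       $fsr::Delete -bor $fsr::DeleteSubdirectoriesAndFiles -bor
                       $fsr::ChangePermissions -bor $fsr::TakeOwnership)
    # Generic bits can be stored unmapped in an ACE: GENERIC_WRITE, GENERIC_ALL.
    $genericMask = 0x40000000 -bor 0x10000000

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        # Deny entries restrict access; only Allow entries can grant write.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band ($writeMask -bor $genericMask)) -eq 0) { continue }
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            # True when the entry names the anonymous account directly.
            # Group entries (Everyone, Users) can also cover that account,
            # so review the rows where this is False as well.
            Anonymous = $ace.IdentityReference.Value -like $AccountPattern
        }
    }
}

Get-WritableAce | Sort-Object Anonymous -Descending | Format-Table -AutoSize
```

An empty result means no Allow entry on the folder grants write, so the virtual directory's "Write" checkbox alone would not let a request change files there.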