Re: Best architecture - upload file and save on different server
From: John Timney \(Microsoft MVP\) (timneyj_at_despammed.com)
Date: 10/20/04
- Next message: Kenneth: "IIS with webapps"
- Previous message: Mike: "Re: ExecutionEngineException after security patch"
- In reply to: Pat Carden: "Re: Best architecture - upload file and save on different server"
- Next in thread: Pat Carden: "Re: Best architecture - upload file and save on different server"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 20 Oct 2004 23:06:05 +0100
Use the windows service so the actual stages in the process remain
disconnected and therefore less vulnerable, hence the FTP on a different
port with a different set of credentials to the asp account.
You could use the file IO class if the service was running with enough
permissions to map to the remote server. For security howver file paths are
more vulnerable. For IO, you would be more secure doing a one way read only
file pull from server 2 to server 1.
If you used asp.net to save the posted file to another server you would
likely be running the asp.net process with enough permissions on the account
to mount a share on the remote machine - if that account gets compromised
the hacker has the permissions to mount the remote server too. This is less
secure but probably as easy to implement.
-- Regards John Timney Microsoft Regional Director Microsoft MVP "Pat Carden" <pcarden@bellsouth.nospam.net> wrote in message news:eHl6UKetEHA.3368@TK2MSFTNGP10.phx.gbl... > 1. So use a Windows service so authentication is not a problem?? Please > confirm this is the reason for the Windows service. > 2. Could the Windows service use the File.IO class to move the file from > Server1 to Server2? > > "John Timney (Microsoft MVP)" <timneyj@despammed.com> wrote in message > news:upIy4SVtEHA.3788@TK2MSFTNGP09.phx.gbl... > > Accept the upload on server 1, either with upload to an aspx page or via a > > webservice. Then use a windows service to FTP the file to server two > > (find > > a secure ftp client to automate if you need to). Dont allow the ftp port > > through the firewall and that way you only have port 80 open at your > > public > > side, and its hard to hack through port 80 to another port on a different > > machine if you have your machines well patched. > > > > -- > > Regards > > > > John Timney > > Microsoft Regional Director > > Microsoft MVP > > > > > > "Pat Carden" <pcarden@bellsouth.nospam.net> wrote in message > > news:eN34#8TtEHA.3368@TK2MSFTNGP10.phx.gbl... > >> Hi, > >> > >> We need to allow webusers to upload a file on our website (on Server3, > >> all > >> servers run Server 2003, remotely hosted) and eventually save it on our > > SBS > >> Server (Server2) which is not exposed through our firewall. We have > > another > >> server (Server1) within the SBS domain that is exposed through port 80 of > >> the firewall on which we host some web services and images. > >> > >> What is the best architecture for getting the file from the remotely > > hosted > >> web site (Server3) to our SBS Server (Server1). We have a 3.5mbs > >> connection. I had intended to use a webservice to receive a stream from > > the > >> HTMLInputControl and save that but there seem to be some security issues > >> I > >> don't know how to overcome. My best alternative so far is to redirect > >> the > >> upload to my Server 1 and save the file using the File1.SaveAs method. > > Then > >> use a FileSystemWatcher to move the file to Server2. > >> > >> Any suggestions would be greatly appreciated. Thanks, > >> > >> Pat > >> > >> > > > > > >
- Next message: Kenneth: "IIS with webapps"
- Previous message: Mike: "Re: ExecutionEngineException after security patch"
- In reply to: Pat Carden: "Re: Best architecture - upload file and save on different server"
- Next in thread: Pat Carden: "Re: Best architecture - upload file and save on different server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
