Re: Help - Writing Web Control to Access the Local FileSystem

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Marc Gravell" <marc.gravell@xxxxxxxxx>
Date: Thu, 4 Jan 2007 08:11:15 -0000

welcome to the sandbox.

I'm not a web-OCX guru, but I suggest that this could cause huge
security issues, allowing (depending on the features exposed) random
pages (e.g. intranet?) to exploit your control to browse any user's
file system. I suggest you take a look at:
http://msdn.microsoft.com/msdnmag/issues/02/06/rich/ (search for the
phrase "File system access is the big one").

There may be some solutions involving signing the code with a a valid
(chained) certificate and assigning the required permissions (not
ideal, as not very site-specific), or possibly trusting the site
(worse) - or maybe some caspol hacks...

No simple answer for you, though

Marc

.

References:
- Help - Writing Web Control to Access the Local FileSystem
  - From: Nigel

Prev by Date: Re: Best location to start a thread
Next by Date: Re: C# ASPX page loads more than 1 time
Previous by thread: Help - Writing Web Control to Access the Local FileSystem
Next by thread: main window deactivation
Index(es):
- Date
- Thread

Relevant Pages

[UNIX] Buffer Overflow in ISO9660 File System Component of Linux Kernel
... Get your security news from a reliable source. ... The Linux kernel performs no length checking on ... symbolic links stored on an ISO9660 file system, ... In order to exploit this vulnerability, an attacker must be able to mount ...
(Securiteam)
Re: FSI Indices with translates the answer
... directory of the file system that one is within, ... there are other MV dbms products that have virtually no security ... MV vendors should provide that functionality required by "ALL" users. ... when you fire anyone who points out problems ...
(comp.databases.pick)
Re: For the AdaOS folks
... A mall with one or two doors on the outside to be ... > only makes sense to choke the security at a minimal number ... > that exist within the file system. ... While it is not the entire answer to network ...
(comp.lang.ada)
Re: Linux security
... that is in Windows NT-based systems out of the box. ... Why do you want that fine level of control? ... level of control over security?" ... a file system is a different beast altogether. ...
(Ubuntu)
Problems after converting FAT32 to NTFS on a Windows XP SP 2 system
... I inherited a Windows XP system with SP2 and FAT32 file system. ... decided to convert the file system to NTFS to use the granular security ... I have also verified that the Logical Disk Manager service is set to ...
(microsoft.public.windowsxp.help_and_support)