Re: Best approach to locking down a single file on a public website?



John Heitmuller wrote on 28 May 2009 in
microsoft.public.inetserver.asp.general:

Conceptually, what is the best approach here?

I am implementing a public website in the following environment.
 Windows 2003 Server w/ IIS 6.
 Anonymous access enabled via the IUSR_machinename account.
 Classic .asp for server side scripting

I have a small encrypted data file in the root directory of the
website. Right now if the user enters the url into their browser
http://www.mypublicdomain.com/myencrytedfile.dat the user can download
the encrypted file.

The .asp scripts need access to the encrypted file. I am assuming
that the .asp scripts are running under the IUSR_machinename account.
I need to be able to allow my .asp scripts to access the file, while
preventing anonymous users from seeing (and downloading) the file.

If I can get pointed in the right direction I think I can work out the
details.

Simplest is to tell no one the name of the file or preferably the name of
the subdirectory, while you have disabled directory browsing in IIS.

You can disable a directory to be accessed for downloading.

You can upgrade to Windows 2008, where the root directory and all but one
subdirectory are by default outside the www view/reach.

I do not believe in "best approach" as a NG Q,
as this is subject to your personal preferences and possibilities,
even conceptually so.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)
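
Added example, not part of either post: a classic ASP page that reads the data file from a folder that IIS does not serve, so scripts can open it through the file system while no URL maps to it. The path D:\SiteData and the function name ReadProtectedFile are assumptions for illustration; the script account (IUSR_machinename in the question) needs NTFS read permission on that folder.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Assumed location: a folder outside the site root that is not mapped
' to any virtual directory, so no URL resolves to this file.
Const DATA_FILE = "D:\SiteData\myencryptedfile.dat"
Const adTypeBinary = 1

' Returns the file's bytes, or Null when the file is missing, empty or unreadable.
Function ReadProtectedFile(path)
    Dim fso, stream
    ReadProtectedFile = Null

    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    If Not fso.FileExists(path) Then Exit Function

    ' ADODB.Stream in binary mode keeps the encrypted bytes intact;
    ' a text read could alter them through character-set conversion.
    Set stream = Server.CreateObject("ADODB.Stream")
    stream.Type = adTypeBinary
    stream.Open
    On Error Resume Next
    stream.LoadFromFile path
    If Err.Number = 0 Then ReadProtectedFile = stream.Read
    On Error GoTo 0
    stream.Close
End Function

Dim data
data = ReadProtectedFile(DATA_FILE)
If IsNull(data) Then
    ' Fail closed and do not reveal the path or the error text to the client.
    Response.Status = "500 Internal Server Error"
    Response.Write "Configuration data unavailable."
Else
    ' Decrypt and use the bytes server-side only; never write them to the response.
    Response.Write "Loaded " & LenB(data) & " bytes."
End If
%>
```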