Re: HOW TO Restrict FileSystemObject (fso) to ASP context

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 09/03/04


Date: Fri, 3 Sep 2004 12:05:53 +1000

Of course you should be using NTFS permissions to restrict an object that
manipulates the file system, what else do you think NTFS (NT *File*
*System*) permissions are for?!?

The File System Object doesn't know anything about whether a file is
"inside" a website or not - it just sees the physical disk. You can either
set NTFS permissions on the .dll that houses the FSO, or on the registry, or
on the files you don't want to be manipulated.

Cheers
Ken

"Renaud COLAS" <NO_SPAM_BUDcolas.r@free.fr> wrote in message
news:ch87dk$c5l$1@news-reader5.wanadoo.fr...
> Hi all,
>
> Facing some hack activities from ZEHIR, I need to make sure that
> FileSystemObject is not being used out of the ASP context.
> That means I do not want a path to be out of the current site (basically,
> no way to access hard disk root folders like "c:\", "d:\" and so on, hence
> no way to go down to the "\windows" folder).
>
> I can not use the credentials (over 4000 web sites to handle), therefore I
> am searching for a way (by registry for instance) to get this restriction on.
>
> Since Microsoft keeps on offering this great tool for years now, I'd
> hope they'd put out a way to guarantee a safe usage, but I'm
> disappointed...
> I'd consider this as a major security hole, major because of the time it's
> being offered without other best practice than dealing with user rights (on
> IUSR per site).
>
> If anybody had a solution, I'd be very thankful to read it ! ;-)
>
> Best regards,
>
> Renaud
>
>
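
An added example, not part of the thread or anyone's posted code: a PowerShell check that lists the NTFS allow entries on locations outside a site that apply to the account the site runs as, since those entries are what the FileSystemObject is bound by. The account name, the paths and the group list are assumptions to adjust for the server being checked.

```powershell
# Placeholders (assumptions, not values from the thread).
$SiteAccount  = 'WEBHOST01\IUSR_site0001'    # hypothetical per-site anonymous account
$OutsidePaths = 'C:\', 'C:\Windows', 'D:\'   # locations the site should never reach

# Principals whose ACEs also apply to the site account. Assumption: extend this
# list with any other groups the account belongs to on your server.
$AppliesTo = @($SiteAccount, 'Everyone', 'BUILTIN\Users',
               'NT AUTHORITY\Authenticated Users')

function Get-ReachableAce {
    param([string[]]$Path, [string[]]$Principal)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $acl = Get-Acl -LiteralPath $p
        foreach ($ace in $acl.Access) {
            # Only allow entries are listed. Deny entries are not evaluated, so
            # this is a list of grants to review, not an effective-access result.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($Principal -notcontains $ace.IdentityReference.Value) { continue }
            [pscustomobject]@{
                Path      = $p
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Every row is a grant that lets script running as the site account touch a
# location outside its own site through the FileSystemObject.
Get-ReachableAce -Path $OutsidePaths -Principal $AppliesTo |
    Format-Table -AutoSize
```

An empty result for a path means none of the listed principals has an allow entry there; rows granted to broad groups such as Everyone or Users are the ones that expose every site at once.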


