Re: Upload folder permissions
From: Ray (name_at_mweb.co.za)
Date: 01/14/05
- Next message: P. Jn-Charles: "ASP.NET Works locally but not remotely"
- Previous message: Tom Kaminski [MVP]: "Re: Red error signals"
- In reply to: Alok Kumar: "RE: Upload folder permissions"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 14 Jan 2005 18:22:50 +0200
Thanks to all
Setting Execution = None solved my problem..
Thanks again....
"Alok Kumar" <AlokKumar@discussions.microsoft.com> wrote in message
news:D4381231-9919-4B95-8494-3A0E8C1679D6@microsoft.com...
> You can set the NT authentication for the images folder. So only user who
> have specific permission can upload files.
> You can set the execute permission for the image directory to "none" and
> it
> will not execute anything including .asp pages.
>
> Alok Kumar
>
> "Ray" wrote:
>
>> Hi
>>
>> I am running a website with a classifieds section on it that allows users
>> to
>> post ads and upload an image for the ad.
>>
>> The problem is that the site was hacked this weekend by Team_Evil through
>> this image folder whereby they managed to upload code to it and execute
>> it
>> resulting in my whole site being defaced.
>>
>> My script does a check on the file extension to verify that it is of an
>> image type before the form posts and allows the upload.
>>
>> Is there anyway to setup permissions on the image folder whereby people
>> can
>> still upload images and that the images be deleted when the ad is deleted
>> but no asp scripts can be executed from this folder incase they get by
>> the
>> extension checking again? All the scripts make use of FSO to upload and
>> delete the images..
>>
>> Any guidelines and assistance will be appreciated.
>>
>> Thanks
>> Ray
>>
>>
>>
- Next message: P. Jn-Charles: "ASP.NET Works locally but not remotely"
- Previous message: Tom Kaminski [MVP]: "Re: Red error signals"
- In reply to: Alok Kumar: "RE: Upload folder permissions"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
