Re: Executing a locally installed program in IIS 6
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 07/27/04
- Next message: Tim: "Re: Executing a locally installed program in IIS 6"
- Previous message: David Wang [Msft]: "Re: IIS 6.0 on Windows Server 2003"
- In reply to: tim: "Re: Executing a locally installed program in IIS 6"
- Next in thread: Tim: "Re: Executing a locally installed program in IIS 6"
- Reply: Tim: "Re: Executing a locally installed program in IIS 6"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 26 Jul 2004 20:33:54 -0700
Hi, I've been on the other thread. This is the problem with multi-posting,
Tim. Multiple people on a given problem and not aware of each other.
At this point, it appears that PHP requires enabling a security
vulnerability on Windows Server 2003 in order to function (its shell()
function needs CMD.EXE to have weak ACLs and accessible via IIS -- something
we explicitly denied with IIS6 on Windows Server 2003). I gave some
possible alternatives, but the underlying problem is PHP needing a security
vulnerability to "work" without modifications.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "tim" <tim@discussions.microsoft.com> wrote in message news:2ec001c470e4$9fb218c0$a601280a@phx.gbl... ok well I guess I was not specific enough in this post. I have found another thread that I thought was talking about the similar problem and posted in there thinking that they were having the same problem. (turns out it was something different) "Re: IIS 6.0 on Windows Server 2003." Howerver Here is the excerpt of the message My case is ----------- Allow the user to browse to a web page, which executes zipcode.exe on the server, and the web page formats the output and returns it to the browser as a web page. --------- When a visitor browses http://mysite.com/lookup.php?zipcode=03791 The lookup.php page takes the input var of 03791 and passes it off to the zipcode.exe (a commandline module for windows) then the results are sent back to the php page to be used to look up information. So basically zipcode.exe a command line tool that returns a result based on the var's passed. This tool works in my existing IIS 5 web site application in my windows 2000 server. We are upgrading a new server that is running windows 2003 server with IIS 6. I have IIS and PHP 4 running and ALL of my php pages are running fine except the ones that call zipcode.exe I have read the if I give execute permissions to %SystemRoot%/System32/cmd.exe for the user IUSR_sytemname then the shell command will work. I'm reluctant to give access rights to the IUSR_sytemname because of security reasons. Is their any workaround other than giving access rights to the command line? Thanks Tim
- Next message: Tim: "Re: Executing a locally installed program in IIS 6"
- Previous message: David Wang [Msft]: "Re: IIS 6.0 on Windows Server 2003"
- In reply to: tim: "Re: Executing a locally installed program in IIS 6"
- Next in thread: Tim: "Re: Executing a locally installed program in IIS 6"
- Reply: Tim: "Re: Executing a locally installed program in IIS 6"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
