Re: Is the fact of allowing parent path in IIS a security issue?
From: Thomas P. Skinner [MVP] (tom_at_bu.edu)
Date: 03/12/05
- Previous message: David Wang [Msft]: "Re: IServerXMLHTTPRequest authentication problem"
- In reply to: rachidk: "Is the fact of allowing parent path in IIS a security issue?"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 12 Mar 2005 17:02:47 -0500
What do you mean by allowing parent path? Every virtual server under IIS has
a virtual directory that forms the root, i.e. \ directory, for that server.
IIS never allows access to anything above the root of the virtual directory.
Of course you could make your actual drives root directory the virtual
directory and then access to the directory tree would be governed by the
NTFS access rights as well as access rights stored in the IIS metabase. Each
subdirectory inherits the IIS access rights of the parent unless
specifically overridden.
I fail to see what IIS has to do with access between domains. Can you be
more specific?
Tom Skinner [MVP]
Boston University
"rachidk" <rachidk@discussions.microsoft.com> wrote in message
news:0134651E-FE84-4B3B-BF3A-2A8082829F49@microsoft.com...
> Hi all
> Is the fact of allowing parent path in IIS a security issue?
> Is it a must for shared hosting accounts not to allow it?
>
> Is it true that any domain on the server could read any file from another
> domain when enabled?
>
> Any clues anyone?
> Thank you
>
>
- Previous message: David Wang [Msft]: "Re: IServerXMLHTTPRequest authentication problem"
- In reply to: rachidk: "Is the fact of allowing parent path in IIS a security issue?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
