Posted by Hilarion on 11/14/05 19:26
>>> Am I right that this is a "rights" problem?
>>
>>Yes, this is probably a rights problem. Make sure that you granted
>>write access on this file to the IIS service account
>
> OK. Is there any security danger to doing this?
Yes and no. If you have some other app (also web-app) working
on the same account which is prone to user abuse*, then
this app will be able to overwrite the file, in which case
you'll lose all the data and/or get your disc filled with some
crap.
* - If the app has some security holes (simple example is:
web-app allows user to point a server path to which their
uploaded file should go to).
If you check what uses the same account and are sure that all those
apps are safe, and if you check all the web-apps working
on this IIS and are sure they are well-written and do not
allow access to this file, then there's no security risk
from allowing the IIS account to write to this file.
You may try minimising the risks by creating a dedicated account
for IIS with the same privileges as the original account and granting
write privileges on the file only to this dedicated account.
This way only IIS and its web-apps are a potential risk source.
Hilarion
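
The dedicated-account approach described in the post above, as an added example that is not part of the original post: grant read and write on the one file to a dedicated IIS account, then list every identity that can still modify it so any shared or inherited write access is visible. The file path and account name are placeholders (assumptions), as is the list of identities treated as expected.

```powershell
# Added example. Path and account name are placeholders, not values from the post.
$DataFile   = 'C:\inetpub\data\guestbook.txt'   # hypothetical file the web app writes to
$WebAccount = 'WEBSRV01\iis_guestbook'          # hypothetical dedicated IIS account

# Rights that let an identity change, replace or re-permission the file.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Some ACEs carry generic rights instead: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
$GenericMask = 0x50000000

function Get-WriteAccessEntry {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and (
                ($_.FileSystemRights -band $WriteMask) -ne 0 -or
                ([int]$_.FileSystemRights -band $GenericMask) -ne 0
            )
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# 1. Grant read and write on this one file only to the dedicated account.
icacls $DataFile /grant "${WebAccount}:(R,W)"

# 2. List everyone who can write; anything outside the expected set needs review
#    (for example a shared account that other web apps also run under).
$expected = @($WebAccount, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
Get-WriteAccessEntry -Path $DataFile | ForEach-Object {
    $flag = if ($expected -contains $_.IdentityReference.Value) { 'expected' } else { 'REVIEW' }
    '{0,-8} {1,-35} {2} (inherited: {3})' -f $flag, $_.IdentityReference, $_.FileSystemRights, $_.IsInherited
}
```

Entries marked as inherited come from the parent folder's ACL, so removing them means changing the folder or disabling inheritance on the file.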