Home page logo

basics logo Security Basics mailing list archives

From: "Kenzo" <kenzo_chin () hotmail com>
Date: Fri, 7 Feb 2003 13:47:11 -0600

OK, I need some input from you guys on this.
Our webmaster seems to think that giving the guest internet user read access
to the C drive is OK as long as you don't set IIS to list content and other
stuff that I don't understand, since I don't know anything about running a
I told him that by doing so, most subfolders will also take that permission,
so if someone that knows what they're doing could compromise that account,
they would have read access to almost the whole C drive.
the box is a win2k server with IIS5.  I believe he wants to do this for some
error checking for a C or java program.
The program suppose to check to make sure that the drive has enought space
before it starts writing or copying things and for that it needs read access
to the C drive.
To me, even thought I don't know anything about programing and webhosting,
it doesn't look right from the security point of view.

Please give me some input on this if it's OK or not and why, so that I can
tell him yes it's OK or NO it's not OK because of this and that.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]