|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Security issue on shared Windows 2003 serverIn Windows web hosting environment, an user is possible to use ASP
program to read other users' files through web browser. Can anyone give an advice to fix this issue? Thanks a lot. Yes - fix this by not using IUSR account for each website. Use custom
anonymous accounts for each website and set NTFS permissions appropriately. Additionally, set each website to run in high isolation (separate COM+ application) and configure each application to run as a separate user account (can be the same as anonymous access account) rather than IWAM. Microsoft has hosting guidelines on their website on how to configure IIS in shared hosting environments. Cheers Ken <sc25h***@yahoo.com.hk> wrote in message Show quoteHide quote news:ed56a71d-bf58-4b0a-817a-7a18432bd97e@k19g2000prh.googlegroups.com... > In Windows web hosting environment, an user is possible to use ASP > program to read other users' files through web browser. Can anyone > give an advice to fix this issue? > > Thanks a lot. 
Other interesting topics
Certificate Mapping - Debugging
iis 6 ssl redirect initial login encrypted? Domain Account used for IIS6 Anonymous Account Risks? web site access OK by IP but not by name Unable to access site with FQDN Restricting access from my site to other sites securing a browseable IIS directory Using "A share located on another computer" AND Authenticated acce one client certificate able to access two websites Managing Virtual Directories in IIS |
|||||||||||||||||||||||
