Security of Writable Folder

Forum Moderators: open

Message Too Old, No Replies

Security of Writable Folder

charonlee

1:58 am on Apr 30, 2003 (gmt 0)

Hi,
I'm new user for this forums. Below are my questions:

1.) Due to I allow users to upload images/files into my web-site, so I have to set a folder which name uploadfile to be writable. But, my concern is would it be a problem? I mean security problem. As we know that window 2000k has provided a lot of folder's permission such as Folder Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. Until what limit our web-site should be exposed so that it won't get hacked?

2.) How do most of the web-sites implement writable folder whereby they allow user to upload their photos (geocities), resume(jobstreet ).

Please advice!

GaryK

2:17 pm on May 1, 2003 (gmt 0)

I've been wondering this myself so perhaps getting this thread bumped back to the top of the list will bring some answers. :)

pigsfeet

6:22 am on May 22, 2003 (gmt 0)

I don't know if this helps you, but for a folder with a database in it I do this: Turn off read permissions in IIS (this stops people from d/l the database file) - In NFTS allow read and write, this allows your website users to read and write to the database.

Xoc

6:06 pm on May 22, 2003 (gmt 0)

Your asp.net code is all that needs write permission on a folder, not the end user. Since your asp.net code will be writing the info into the folder, it is not a direct upload.