Forum Moderators: open
I understand what setting the permissions on files to 'Read' does, as if it's not on, the file cannot be accessed.
What I am cloudy about is what exactly the 'Write' permission in a typical IIS webspace does. Yes, I see that if 'Write' is not on an .MDB database, it cannot be written to. What, however, is the security risk (if any) of having 'Write' on a normal .htm or .asp file?
Can the anonymous IUSER affect an .htm or .asp file if it has full read/write toggled on?
What, however, is the security risk (if any) of having 'Write' on a normal .htm or .asp file?
A script running that has write acces priviliges can modify the file.
It's possible that if you're not careful, a security issue could arise with one of your scripts which could allow a hacker to create their own files on the web root.
It's best practice to only allow write access to files that absolutely need it. Be extra careful when giving write permissions outside of the webroot.
