navcan
Posts: 61
|
| Posted: 02/07/2007, 7:31 PM |
|
Hello all,
In ASP page I have a record from which allow users to upload files and images on to the Web Server under folder name "UserDOC" for documents and "UserIMG" for images. Naturally, IUSR_XXXXXX account has Read/Write/Delete permissions to thise two folders so users can upload files or if they delete the record, it should also delete the associated file/image too.
Now, how can I protect "UserDOC" and "UserIMG" folders from anonymous users so they cannot delete all the files/images?
Appreciate your response to this question.
Best regards,
navcan
|
 |
 |
Oper
Posts: 1195
|
| Posted: 02/09/2007, 3:09 AM |
|
you cant since all evertyone is useing the IUSR (anonymous account)
a good trick is to restrict use or read those folder on IIS and the appliclation copy from one folder to another folder (with IIS read permision) before browse. also you need to delete that folder.
BTW this is a simple way (not NASA security, coulkd be jumped reading teh file that remain on the new folder)
_________________
____________________________
http://www.7bz.com (Free CMS,CRM Developed in CCS)
http://www.PremiumWebTemplate.com
Affiliation Web Site Templates
Please do backup first |
|
|
|
|
