
The risk of granting IUSR* NTFS permissions on a folder on the server

I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot".

The file cannot be accessed freely from outside, so it is in a folder outside of "Inetpub". I have granted full NTFS permissions on that folder to the user "IUSR_whatever" (the user that runs IIS for anonymous requests). The folder has only that file, and has no other use.

It works so far :)

But what is the risk? What should I be afraid of?

As I see it, as long as the folder is outside of "InetPub" it cannot be accessed, and as long as the apps don't have any security flaw like "path traversal" or server-side code injection, it should be safe enough... But I'm always keen to be wrong :)

What do you think? May the file or even the server itself get compromised because of this?

Thanks.

As long as the folder does not have any other files/folders, there will not be any negative/downside to this.

If you want to tighten security even more, you can give allow permissions on the file alone and not the containing folder.
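The file-only grant suggested in the answer above, as an added PowerShell example that is not part of the original post. The folder path, file name, machine name and the `Read, Write` rights are assumptions; substitute the real values and the rights the two apps actually need.

```powershell
# Added example. All paths and names below are placeholders, not values from the post.
$Folder  = 'D:\SharedData'                  # hypothetical folder outside Inetpub
$File    = Join-Path $Folder 'shared.dat'   # hypothetical shared file
$Account = 'MYSERVER\IUSR_whatever'         # anonymous IIS account; machine name is a placeholder

# 1. Remove every explicit ACE that names the account on the folder.
#    PurgeAccessRules only touches explicit entries; inherited ones are left alone.
$identity  = New-Object System.Security.Principal.NTAccount($Account)
$folderAcl = Get-Acl -Path $Folder
$folderAcl.PurgeAccessRules($identity)
Set-Acl -Path $Folder -AclObject $folderAcl

# 2. Grant the account access on the file alone.
#    'Read, Write' is an assumption about what the apps need.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Account, 'Read, Write', 'Allow')
$fileAcl = Get-Acl -Path $File
$fileAcl.AddAccessRule($rule)
Set-Acl -Path $File -AclObject $fileAcl

# 3. Audit: list the ACEs that name the account on the folder and on the file.
#    Expected result: no rows for the folder, one Allow row for the file.
foreach ($path in $Folder, $File) {
    (Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account } |
        Select-Object @{ n = 'Path'; e = { $path } },
                      FileSystemRights, AccessControlType, IsInherited
}
```

The audit step only shows entries that name the account directly; access the account gets through group membership (for example `Users` or `Everyone`) still has to be reviewed on the folder's full ACL. With no rights on the folder, the apps can open and rewrite the existing file but cannot create, delete or replace files next to it, so code that saves by writing a temporary file and renaming it will fail.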
