Jeff Longladn wrote:
>I'm not too sure if some of you understand my current situation. I'm
>virtually hosting with a company called Softcom (NT IIS 4.0)
>(www.softcomca.com). I have one method of access to my server and that
>is FTP. I have access to my virtual directory and that is it! Through
>a bit of detective work, I have discovered that my physical directory
>is e:\InetPub\Clients\mydomain.com\ This is the only directory that I
>have access to. Perl for Win32 isn't installed so the form for the new
>version of Analog isn't of assistance for me! The executable version
>that everyone keeps recomending will only work with almost all of my
>analog directory in the cgi-bin. Then this causes a security risk!
>How can I get Analog to run on my server without leaving this security
>hole?????
It depends on what you consider a security risk. If softcom have
tightened up the security so that "anonymous" processes in your webspace
don't have acess to anything outside your webspace, and you don't have
anything private in your webspace, then the potential security issues
that might arise if someone can directly access Analog don't matter in
your case.
The "problem" is that, under IIS, you can pass parameters directly to
Analog, and potentially tell it to read files that you couldn't normally
access from a URL. If the rest of the system is tightened up
sufficiently, then Analog won't be able to read any of those other
files, so the fact that IIS allows you to pass parameters to Analog to
instruct it to access system files may be moot.
(I'll put in some extra full stops here, to make up for the lack of them
in the previous paragraphs.....)
But if you're concerned, just FTP your logs and run the reports locally.
Or ask SoftCom to set Analog up on their system.
Aengus
------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/[email protected]/
------------------------------------------------------------------------
