>Ken Ferguson wrote: >> You "hope" that they can't be executed on the web server. That's an >> awfully arrogant statement to make.
>It is computer configuration 101: write or execute. Directories >that can be written, and the files in them, can never have >execute privileges. Are you talking about permissions here? Disk permissions or some type of IIS permissions? In any case, if you are running windows, most services run under a system account (although this has changed in windows 2003), and the system account usually has access to execute in any directory. So if you buffer overrun the service, then you can execute the files wherever they are. Even if it's linux, you can probably run a chmod on the files beforehand, and then execute, so permissions are not going to help you much... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:215979 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
