I would say that this would be a *BIG* no-no. Severl of the security flaws that have been found in IIS are of the type that allow the attacker to gain access to the contents of any file on the system, even if it's not within the website.
Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Mason Landrum [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 15, 2002 2:47 PM > To: [EMAIL PROTECTED] > Subject: [gb-users] WWW and FTP on same box? > > > Everyone, > > I was wondering what all of you think about this security > question. I have to set up a password protected secure > (dial-up RAS) FTP site for our agencies. I would like to use > the same machine we use for our web server. The only ports I > allow through the GB to the web server are port 80. We would > not allow FTP connections through the GB from the Internet, > just by dial-up RAS. > > Would it be safe to have a FTP site containing sensitive data > set up on the same machine we use for our web site? What do you think? > > Thanks in advance for your thought! > > Sincerely, > Mason Landrum > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
