> The program suppose to check to make sure that the drive has > enough space before it starts writing or copying things and > for that it needs read access to the C drive.
It's going to need more than read access to do the "writing or copying". i.e., Something here is not kosher. David Gillett > -----Original Message----- > From: Kenzo [mailto:[EMAIL PROTECTED]] > Sent: February 7, 2003 11:47 > To: [EMAIL PROTECTED] > Subject: permission > > > OK, I need some input from you guys on this. > Our webmaster seems to think that giving the guest internet > user read access > to the C drive is OK as long as you don't set IIS to list > content and other > stuff that I don't understand, since I don't know anything > about running a > website. > I told him that by doing so, most subfolders will also take > that permission, > so if someone that knows what they're doing could compromise > that account, > they would have read access to almost the whole C drive. > the box is a win2k server with IIS5. I believe he wants to > do this for some > error checking for a C or java program. > The program suppose to check to make sure that the drive has > enought space > before it starts writing or copying things and for that it > needs read access > to the C drive. > To me, even thought I don't know anything about programing > and webhosting, > it doesn't look right from the security point of view. > > Please give me some input on this if it's OK or not and why, > so that I can > tell him yes it's OK or NO it's not OK because of this and that. > > Thanks. >
