Just trying to use the upload function in the witango debug tool. But it looks like it is working fine now even with write turned off so maybe I had some other problem that was fixed once I made the other updates I was working on.
I thought I had this all working without the write permission but then I started to have a problem and since I could not get access to the server for the last 3 weeks I sort of lost track. All seems well now. Dan on 1/2/04 16:13, Scott Cadillac at [EMAIL PROTECTED] wrote: > Hi Dan, > > I think enabling Write permissions, despite Script only, will still allow > hackers to alter your existing files and to deposit viruses for people to > download. > > Not good. > > What are you trying to do exactly? > > If your just building an upload application in Witango, you shouldn't have > to change any of your IIS settings to allow this - just build in the > Security to "allow" uploading as part of your TAF code. > > If you are trying to find another method for uploading your Witango files to > a site, where FTP or other file transfer options are not available - then > maybe build a special Upload TAF to do this for you, with appropriate > Security features of course. > > Let us know what you are trying to do exactly. Cheers..... > > Scott Cadillac, > Witango.org - http://witango.org > 403-281-6090 - [EMAIL PROTECTED] > -- > Information for the Witango Developer Community > --------------------- > > XML-Extranet - http://xmlx.ca > 403-281-6090 - [EMAIL PROTECTED] > -- > Well-formed Development (for hire) > --------------------- > > >> -----Original Message----- >> From: Dan Stein [mailto:[EMAIL PROTECTED] >> Sent: Friday, January 02, 2004 2:01 PM >> To: [EMAIL PROTECTED] >> Subject: Re: Witango-Talk: IIS and Security issue >> >> OK I think I have it after looking on Microsoft site. As long >> as I have execute permissions set to scripts only it seems to >> not warn me if I allow write permissions. >> >> Is this pretty safe then or should I do something within >> directory security? >> >> on 1/2/04 15:29, Dan Stein at [EMAIL PROTECTED] wrote: >> >>> I want to set up my IIS so I can write to the directory >> that contains >>> my taf files for uploading new tafs etc. But I would like to not >>> compromise security by letting just anyone write. >>> >>> I have a special login for the taf file that does the >> uploads. How can >>> I best accomplish this. >>> >>> Dan >> >> -- >> Dan Stein >> Digital Software Solutions >> 799 Evergreen Circle >> Telford PA 18969 >> Land: 215-799-0192 >> Mobile: 610-256-2843 >> Fax 413-410-9682 >> FMP, WiTango, EDI,SQL 2000 >> [EMAIL PROTECTED] >> www.dss-db.com >> >> >> "When you are born, you cry and those who love you >> rejoice. And if you >> live your life as you should, when you die, you rejoice and those who >> love you cry." >> >> ______________________________________________________________ >> __________ >> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf >> > > ________________________________________________________________________ > TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf > -- Dan Stein Digital Software Solutions 799 Evergreen Circle Telford PA 18969 Land: 215-799-0192 Mobile: 610-256-2843 Fax 413-410-9682 FMP, WiTango, EDI,SQL 2000 [EMAIL PROTECTED] www.dss-db.com "When you are born, you cry and those who love you rejoice. And if you live your life as you should, when you die, you rejoice and those who love you cry." ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
