Scott I just ran across this and noticed your statement at the beginning of your reply.
What I have always done is to create one virtual folder that sits outside the directory and then allow that to have read/write permissions. Is that not a good idea? Thanks Steve > From: "Scott Cadillac" <[EMAIL PROTECTED]> > Organization: XML-Extranet > Reply-To: [EMAIL PROTECTED] > Date: Fri, 2 Jan 2004 14:13:08 -0700 > To: <[EMAIL PROTECTED]> > Subject: RE: Witango-Talk: IIS and Security issue > > Hi Dan, > > I think enabling Write permissions, despite Script only, will still allow > hackers to alter your existing files and to deposit viruses for people to > download. > > Not good. > > What are you trying to do exactly? > > If your just building an upload application in Witango, you shouldn't have > to change any of your IIS settings to allow this - just build in the > Security to "allow" uploading as part of your TAF code. > > If you are trying to find another method for uploading your Witango files to > a site, where FTP or other file transfer options are not available - then > maybe build a special Upload TAF to do this for you, with appropriate > Security features of course. > > Let us know what you are trying to do exactly. Cheers..... > > Scott Cadillac, > Witango.org - http://witango.org > 403-281-6090 - [EMAIL PROTECTED] > -- > Information for the Witango Developer Community > --------------------- > > XML-Extranet - http://xmlx.ca > 403-281-6090 - [EMAIL PROTECTED] > -- > Well-formed Development (for hire) > --------------------- > > >> -----Original Message----- >> From: Dan Stein [mailto:[EMAIL PROTECTED] >> Sent: Friday, January 02, 2004 2:01 PM >> To: [EMAIL PROTECTED] >> Subject: Re: Witango-Talk: IIS and Security issue >> >> OK I think I have it after looking on Microsoft site. As long >> as I have execute permissions set to scripts only it seems to >> not warn me if I allow write permissions. >> >> Is this pretty safe then or should I do something within >> directory security? >> >> on 1/2/04 15:29, Dan Stein at [EMAIL PROTECTED] wrote: >> >>> I want to set up my IIS so I can write to the directory >> that contains >>> my taf files for uploading new tafs etc. But I would like to not >>> compromise security by letting just anyone write. >>> >>> I have a special login for the taf file that does the >> uploads. How can >>> I best accomplish this. >>> >>> Dan >> >> -- >> Dan Stein >> Digital Software Solutions >> 799 Evergreen Circle >> Telford PA 18969 >> Land: 215-799-0192 >> Mobile: 610-256-2843 >> Fax 413-410-9682 >> FMP, WiTango, EDI,SQL 2000 >> [EMAIL PROTECTED] >> www.dss-db.com >> >> >> "When you are born, you cry and those who love you >> rejoice. And if you >> live your life as you should, when you die, you rejoice and those who >> love you cry." >> >> ______________________________________________________________ >> __________ >> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf >> > > ________________________________________________________________________ > TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
