asp, limiting users that can access the database that resides outside wwwroot
thanx Chris,
the directory is outside the wwwroot and write permissions have been given
to IUSR_MACHINENAME
is the following then correct:
a person on the web side cannot access this directory directly. ie there is
no path they can put in to access this directory.
However, the server can when it receives a request from a person on the web
side to update a file in the directory, via validating IUSR_MACHINENAME
permissions.
i know i am being a bit woolly on this, but is this the way it works and is
it very secure?
salud
John
"Chris Barber" <email***@***.com> wrote in message
news:email***@***.com...
> No-one from the web side can access it if its outside the web root
> structures anyway (unless your IIS server is compromised or not patched)
so
> the only permissions required are those used from the web server (eg.
> IUSR_MACHINENAME in the case of anonymous access, or specific usernames /
> groups if you use basic or integrated authentication).
>
> Chris.
>
>
>
> "John Reid" <email***@***.com> wrote in message
> news:3f1bbe44$0$26533$email***@***.com...
> > G'day,
> >
> > I have placed my XML file (ie database) outside wwwroot to make it more
> > secure. I would like to restrict the users that can access it. Do i
> nominate
> > IUSR as the user with write access or do i nominate a server account
only
> to
> > have write access? The file is only accessed via COM
> >
> > any thoughts?
> >
> > salud
> >
> > John
> >
> >
>
>
Posted: 7/21/2003 7:16:00 PM