#1
Windows server 2003 security
A charity I help out with has been given a fully working and configured web server (Windows Server 2003). We are about to launch an ASP site that allows users to dynamically update content via forms. Can anyone give us any advice on what security should be applied to the Database folder to prevent people from downloading the DB, if in fact this is necessary? And any other advice on security pitfalls that would normally be pre-configured by your host?
#2
--moved to the Windows Security forum, you'll get better answers here.
#3
On the server open your web browser to http://localhost/iishelp for the IIS documentation.
Look at the Microsoft server documentation in the online help, and at the msdn library. There's way too much for any simple answer.
__________________
====== Doug G ====== I didn't attend the funeral, but I sent a nice letter saying I approved of it. --Mark Twain |
#4
If you have a Microsoft Access database then you really need to remove read permissions for it or the folder it is in.
This will deny browsers permission to open the file. You can remove read permission to files/folders from IIS.
Another option is to move the database into a folder outside of the webroot, e.g.
Your website on the server is at C:\Inetpub\
The webroot (where the html/asp scripts/images etc) is at C:\Inetpub\wwwroot
You could have your database at C:\Inetpub\Data
For the content management, make sure you know what you are allowing your users to do. If you let them post all HTML tags then they could break their pages. It's best to restrict them to formatting tags such as tables, headers, paragraphs, links, images, lists etc.
If you let them post all HTML then they can disrupt their pages using styles, iframes, HTML/BODY/Script/Form tags. If you have script tags available then they could bring down the server using reloads and redirects etc.
__________________
CyberTechHelp |
#5
Quote:
Thanks degsy, I have moved the folder outside the root directory as suggested above. This solved the problem of people browsing to and downloading the DB. Do you have any suggestions of how I would go about restricting the users to only "formatting tags"?
#6
You just have to add your own custom validation to the script.
If you really want to get into it you would look into using Regular Expressions to parse the input and detect or remove invalid content.
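
An allowlist filter along the lines discussed in the posts above, added here as an example and not code from the thread. It is JavaScript rather than the site's own ASP script, and the names `sanitizeHtml` and `encodeHtml`, the tag list, and the http(s)-only URL rule are assumptions for illustration. Instead of trying to detect bad tags, it encodes everything first and restores only tags that match a strict pattern, so anything unrecognised stays inert text.

```javascript
// Added example (not from the thread). Allowlist filter for user-submitted HTML:
// encode everything first, then restore only tags that match a strict pattern.
// The tag list follows the thread's "formatting tags"; adjust it to your site.
var ALLOWED_TAGS = "p|br|b|i|em|strong|u|h[1-6]|ul|ol|li|table|thead|tbody|tr|th|td";
// http(s) URLs only; "&amp;" is how a query-string "&" looks after encoding.
var SAFE_URL = "(https?://(?:[^\\s&<>]|&amp;)+)";

function encodeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

function sanitizeHtml(input) {
  var out = encodeHtml(input);

  // Formatting tags are restored only when they carry no attributes at all,
  // so style=, onclick= and similar never survive.
  var plain = new RegExp("&lt;(/?)(" + ALLOWED_TAGS + ")\\s*(/?)&gt;", "gi");
  out = out.replace(plain, function (match, close, tag, selfClose) {
    return "<" + close + tag.toLowerCase() + (close ? "" : selfClose) + ">";
  });

  // Links: exactly one double-quoted href with an http(s) URL, nothing else.
  var link = new RegExp("&lt;a\\s+href=&quot;" + SAFE_URL + "&quot;\\s*&gt;", "gi");
  out = out.replace(link, '<a href="$1" rel="nofollow">');
  out = out.replace(/&lt;\/a\s*&gt;/gi, "</a>");

  // Images: exactly one double-quoted src with an http(s) URL.
  var image = new RegExp("&lt;img\\s+src=&quot;" + SAFE_URL + "&quot;\\s*/?&gt;", "gi");
  out = out.replace(image, '<img src="$1" alt="">');

  return out;
}
```

The filter does not balance tags, so an unclosed `<table>` can still distort the layout of that user's own page. Run it on the server when the form is submitted, not only in the browser.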