Security hole or feature? (IIS related)
-
I have a COM object which runs on an IIS server. From within, I can't access files on other computers in the local network. But I needed to. So I thought about a workaround and created a thread with specified Security Attributes. That worked. Now (dunno why) I tried to create a usual thread (using AfxBeginThread(&Test, NULL)) and ..... inside this thread I could access files on other computers also! Now here comes a question. Why is it so? And is this a security hole, or a feature that I can use in my programs?
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
Need Web-based database administrator? You already have it!
-
As I understand it, you simply delegate security attributes from your workaround thread. If Windows security gives you access to files on nearby computers, then the IIS thread can also do that. Solution: try to run IIS extensions as a special user which has special security settings in the domain; then IIS will only have access to folders and computers where special security for such a user is set. Good luck.
Well, I think so too. But look, the main thread of the COM object is also one of the threads of IIS (inetinfo.exe), but there I can't access files over the network. And the user settings for IIS are the usual ones, IUSR_ComputerName, which has rights like the Guest account (e.g. - no rights :) ). But a simple thread, opened from this COM object, looks like it has many more permissions... Dunno why. All I want to know right now is whether I can use this feature, or maybe it will be fixed as a security hole, lol
Philip Patrick