-
Web Server Security
Hi,
I am doing an ASP website that allows users to upload files into the webserver. I am using ASP codes to the upload.
One folder is created (in one folder for all uploaded files, call it "main-folder") for each uploading process. In cases of "rollback" situations, I'll delete the folder created for that process.
I've allowed 'write' and 'delete' permissions on the main-folder for everyone. Will that cause any insecurity of the web server? :ehh:
Btw, I am using Win2K Server
Thank you.
-
The first thing that springs to mind is what happens if someone continuely uploads files until your HD is full
-
Hm..
i've restricted each file size to 1MB and they have to go thru an authetication process before they can use that "upload page". Any suggestions to make it better?
-
I'm curious to this myself, I'd say what you've done is alright, maybe a method of tracking what each user uploads/deletes such as in a log or a database. That way you can see which of your users are maliciously causing damage or doing the wrong thing.