Upload Security

Printable View

Aug 16th, 2005, 08:20 AM
steve_c

Upload Security

Hi all - just configured an upload utility in asp.net using the system.io commands. This works completely fine. The directory is called uploads and I've created it as a virtual directory in my app - it's location is in my app directory.

It works great, however, I can upload an ASP page and execute a script which is not safe at all so how can I configure this folder to just store files and not execute them?

I can't seem to find anything to help.

TIA guys.
Aug 16th, 2005, 08:26 AM
dj4uk

Re: Upload Security

Either move the folder out of the web root so it cannot be executed i.e. beyond scope of IIS or set the permissions on the folder within IIS. There is the option within IIS (folder by folder) to allow execute permissions for Scripts and Executables, Scripts only or None. Just set this to none.

DJ

All times are GMT -5. The time now is 11:32 AM.