Results 1 to 2 of 2

Thread: Upload Security

  1. Aug 16th, 2005, 08:20 AM #1
    steve_c
    steve_c is offline

    Thread Starter
    Addicted Member
    Join Date
    Mar 2005
    Posts
    147

    Upload Security

    Hi all - just configured an upload utility in asp.net using the system.io commands. This works completely fine. The directory is called uploads and I've created it as a virtual directory in my app - it's location is in my app directory.

    It works great, however, I can upload an ASP page and execute a script which is not safe at all so how can I configure this folder to just store files and not execute them?

    I can't seem to find anything to help.

    TIA guys.
    Reply With Quote Reply With Quote
  2. Aug 16th, 2005, 08:26 AM #2
    dj4uk
    dj4uk is offline
    Frenzied Member dj4uk's Avatar
    Join Date
    Aug 2002
    Location
    Birmingham, UK Lobotomies: 3
    Posts
    1,131

    Re: Upload Security

    Either move the folder out of the web root so it cannot be executed i.e. beyond scope of IIS or set the permissions on the folder within IIS. There is the option within IIS (folder by folder) to allow execute permissions for Scripts and Executables, Scripts only or None. Just set this to none.

    DJ

    If I have been helpful please rate my post. If I haven't tell me!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width