The risk of granting to IUSR* NTFS permissions on a folder on the server
Posted
by
vtortola
on Stack Overflow
See other posts from Stack Overflow
or by vtortola
Published on 2011-06-24T14:21:57Z
Indexed on
2011/06/24
16:22 UTC
Read the original article
Hit count: 201
I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot".
The file cannot be accessed freely from outside, so it is in a folder out of "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (is the user that runs IIS in anonymous requests) in that folder. The folder has only that file, and has no other use.
It works so far :)
But, what is the risk? what should I be afraid of?
As I see it, as long the folder is out of the "InetPub" cannot be accessed, and as long the apps don't have any security flaw like "path traversal" or server side code injection, it should be safe enough.... But I'm always keen to be wrong :)
What do you think? May the file or even the server itself get compromised because of this?
Thanks.
© Stack Overflow or respective owner