Threat from the FSO to build a virtual host (a)
How to allow the FileSystemObject component, without affecting the security of the server (ie: different Virtual Host users can not use other people to read and write the components of the document) does? Here I am in the experiment was a way to Windows 2000 Server below as an example to illustrate.
On the server to open Explorer, right-click each hard drive partition or volume, in the pop-up menu and select "Properties", select the "Security" tab, when you can see what account be able to access the partitions (volumes) and access rights. Default installation, there is the "Everyone" has full control permissions. Point "add" to "Administrators", "Backup Operators", "Power Users", "Users" group to add a few into, and to give "full control" or the appropriate authority, careful not to "Guests" group, "IUSR_ machine name" of any rights of these accounts. And then "Everyone" group to delete from the list, so that only authorized groups and users can access the hard disk partition, and the ASP implementation is based on "IUSR_ machine name" hard drive in his capacity as the visit here did not give the user account permissions, ASP can not read and write files on your hard disk.
To do is the following for each virtual host the user to set up a separate user account, and then give the distribution of each account to allow full control of a directory.
As shown below, open the "Computer Management" → "Local Users and Groups" → "user", in the right-hand column, click the right mouse button in the pop-up menu, select "new user":
<IMG SRC="http://188.8.131.52/paddy/bbsimages/fsosafe/001.gif" border=0>
In the pop-up "new user" dialog box in accordance with the actual need to enter "User Name", "full name", "description", "password", "Confirm Password", and "the next time you log when users change the password" removed before the step, select "User can not change password" and "Password Never Expires." In this case is the first virtual host to set up an anonymous user access to the built-in Internet Information Services Account "IUSR_VHOST1", namely: the use of all http://xxx.xxx.xxxx/ client access to this virtual host, are In this capacity, to visit. Input Upon completion point "to create" can be. Can be based on actual needs, to create multiple users, create a point after the "off":
<IMG SRC="http://184.108.40.206/paddy/bbsimages/fsosafe/002.gif" border=0>
Now the newly created user account appears in the list, and in the list, double-click the account in order to further set:
<IMG SRC="http://220.127.116.11/paddy/bbsimages/fsosafe/003.gif" border=0>
In the pop-up "IUSR_VHOST1" (that is, just create a new account) Properties dialog box midpoint "under the" tab:
<IMG SRC="http://18.104.22.168/paddy/bbsimages/fsosafe/004.gif" border=0>
Newly created account is the default "Users" group, select the group, point "delete":
<IMG SRC="http://22.214.171.124/paddy/bbsimages/fsosafe/005.gif" border=0>
Is now as follows, again at this time point "add":
<IMG SRC="http://126.96.36.199/paddy/bbsimages/fsosafe/006.gif" border=0>
ASP File System Object Articles
- Automatically generated using the function n layer directory
- A simple analysis of the HTML virus
- Collection of commonly used functions of Oracle
- Commonly used ASP function
- FSO to obtain the image file with the information (size, width, height)
- Using XML + FSO + JS to achieve server-side file
- Principles of secondary domain names, as well as procedures
- Image files using FSO to obtain information
- ASP, FSO directory traversal and file directory
- No template, only ASP + FSO to generate static HTML pages of a method
- FSO read TXT file
- The power of FSO
- FSO to open
- Page How do I know the actual size of the image?
- FSO object of ASP in IIS WEB server data security threats and countermeasures
- Threat from the FSO to build a virtual host (a)
- Construction of a threat to the virtual host from the FSO (b)
- Construction of a threat to the virtual host from the FSO (c)
- Traversal function to sort files
- asp commonly used in document processing function
Can't Find What You're Looking For?
Rating: Not yet rated