| Author |
 Topic  |
|
|
phatphish
Starting Member
4 Posts |
 Posted - 03 May 2001 : 07:50:25
|
Hi,
Just a question with regards to NT security and the snitz forums. I've just installed the forums on an NT server running IIS4. Everythings works fine, no probs. However, as I work for an ISP, and have seen this problem numerous times before, it strikes me as a pretty big security risk that the IUSR_Computer user has to have full control of the forums database directory.
I have played about with these security settings, the most basic (minimal) permissons I have managed to assign that work are for IUSR or 'Everyone' are:
Read/Write/Execute file permissions with
Read / Execute directory permissions
Now these permissions *do* work. I had this working for a short while, but then found that I would recieve the error from inc_top.asp which seems to crop up a fair few times in these forums. I don't believe there is a problem with the ASP pages as such, however does anyone know how to nail down the security permissions in NT without assigning 'Full Control' to the Internet User. It appears to be related to the ODBC driver installed on the server. I have updated these components, without any further success.
Answers on a postcard.
Rich
Edited by - phatphish on 03 May 2001 07:56:33 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 03 May 2001 : 08:54:08
|
you need to assign modify permissions as well as read and write, but you do not need to allow full control
|
 |
|
|
phatphish
Starting Member
4 Posts |
Posted - 03 May 2001 : 09:29:00
|
How do you mean "modify" permissions?
The choices for file and directory permissions are:
read,write,execute,delete,change permissions and take ownership.
I'm loathed to change the file permissions to anything greater than read,write and execute, simply because adding anything else comprimises the forum db, and at worst the server.
Please explain what you mean by modify permissions, i pressume this mean delete access as well as write?
Thanks
Richard.
Like I said, I did have this running with read/write for the directory and read/write/execute for the db.
No-one's seen this to be a problem with Microsofts data access components?
Check out the following url for more info:
http://support.microsoft.com/support/kb/articles/Q183/0/60.ASP
|
|
|
|
phatphish
Starting Member
4 Posts |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 03 May 2001 : 15:30:19
|
quote:
How do you mean "modify" permissions?
The choices for file and directory permissions are:
read,write,execute,delete,change permissions and take ownership.
I'm loathed to change the file permissions to anything greater than read,write and execute, simply because adding anything else comprimises the forum db, and at worst the server.
Please explain what you mean by modify permissions, i pressume this mean delete access as well as write?
Thanks
Richard.
Like I said, I did have this running with read/write for the directory and read/write/execute for the db.
No-one's seen this to be a problem with Microsofts data access components?
Check out the following url for more info:
http://support.microsoft.com/support/kb/articles/Q183/0/60.ASP
All you should need to set are read write and delete. you do not need execute since your db is not a script
|
|
|
|
phatphish
Starting Member
4 Posts |
Posted - 04 May 2001 : 04:10:22
|
quote:
All you should need to set are read write and delete. you do not need execute since your db is not a script
Yeah, that seemed to work without chucking out any errors from the ASP.
File access : read,write,delete.
Directory access : read, write.
I'm happy(ier) now!
Cheers |
|
|
| |
Topic |
|
|
|
Topic Locked
