Setting Appropriate Security
SA-FileUp executes in a specific user context: IUSR_MachineName, or an authenticated
NT domain login.

There is a known problem in Internet Explorer version 3.02.
When performing uploads with NT Challenge/Response Authentication, the
browser will report an error of "Could not open site. TBS".
For more information about this bug, see Microsoft Knowledge
Base article Q169546.

It is the responsibility of the System Administrator to ensure that NTFS
permissions are set correctly so that users performing uploads do not interfere
with proper operation of the web server.

The largest source of our support questions is security. Fortunately, most
problems arise not from interference but because security is too restrictive
for SA-FileUp to function.

Here are some general guidelines:
- Do prevent write access to critical directories such
as "C:\", "C:\WINNT", and "C:\WinNT\System32".
- Do audit scripts to ensure that ASP developers are writing
to correct locations.
- Do audit scripts to ensure that an instance of SA-FileUp is not created
as an Application variable.
- Do use the .Path property to set an appropriate file
system path to contain the upload cache. SA-FileUp needs a file cache to
function. If the .Path property is not set, SA-FileUp will use the default
temporary directory of the system, which is typically C:\TEMP or C:\WINNT. Ideally,
use the Path property in all of your web applications and allow IUSR_MachineName
to write to your specific upload directory. As an alternative, ensure that
the system's temporary directory can be written to by IUSR_MachineName.
- Don't prevent the IUSR_MachineName account from reading the
system registry, especially the HKEY_CLASSES_ROOT hive.
- Don't prevent the IUSR_MachineName account from reading the
SAFILEUP.DLL file.
- Don't leave the default Everyone-Everything permission
on a publicly available web server.
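
The script-audit and .Path guidelines above can be checked mechanically. The following Python audit is an added example, not part of the SA-FileUp documentation; it assumes the component is created with the ProgID SoftArtisans.FileUp and that .Path is assigned directly on the variable holding the instance, and the sample script, its variable names and its paths are constructed.

```python
import re

# Assumption: the component is created with this ProgID; the page does not state it.
CREATE = re.compile(r'\bSet\s+(?P<target>[^=]+?)\s*=\s*Server\.CreateObject'
                    r'\(\s*"SoftArtisans\.FileUp"\s*\)', re.I)
# .Path assignment; the directory is captured only when it is a string literal.
PATH_SET = re.compile(r'\b(?P<var>\w+)\.Path\s*=\s*(?:"(?P<dir>[^"]*)")?', re.I)
APP_VAR = re.compile(r'Application\s*\(', re.I)

# Constructed sample script (hypothetical names and paths), not from the page.
SAMPLE = r'''<%
' upload handler
Set Application("Uploader") = Server.CreateObject("SoftArtisans.FileUp")
Set upl = Server.CreateObject("SoftArtisans.FileUp")
upl.Path = "C:\WinNT\System32"
Set other = Server.CreateObject("SoftArtisans.FileUp")
Set ok = Server.CreateObject("SoftArtisans.FileUp")
ok.Path = "D:\Uploads\Incoming"
%>'''

def is_critical(directory):
    """True for C:\\ itself and for anything at or under C:\\WINNT."""
    d = directory.replace("/", "\\").rstrip("\\").lower()
    return d in ("c:", "c:\\winnt") or d.startswith("c:\\winnt\\")

def audit_asp(source):
    """Return sorted (line_number, finding) tuples for one ASP script's text."""
    findings, created, with_path = [], {}, set()
    for n, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("'"):  # VBScript comment line
            continue
        m = CREATE.search(line)
        if m and APP_VAR.match(m.group("target")):
            findings.append((n, "FileUp instance stored in an Application variable"))
        elif m:
            created[m.group("target").lower()] = n
        m = PATH_SET.search(line)
        if m:
            with_path.add(m.group("var").lower())
            if m.group("dir") is not None and is_critical(m.group("dir")):
                findings.append((n, "upload path is a critical directory: " + m.group("dir")))
    for var, n in created.items():
        if var not in with_path:
            findings.append((n, ".Path not set for " + var + "; system temp directory is used"))
    return sorted(findings)

if __name__ == "__main__":
    for n, finding in audit_asp(SAMPLE):
        print(n, finding)
```

A .Path assigned from an expression such as Server.MapPath counts as set but is not checked against the critical directories, so those scripts still need a manual look.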

Since SA-FileUp is entirely controlled by server-side script, it is unlikely
that a user with a browser could interfere with the operation of a web server.
The responsibility for secure and stable operation falls on the
developer of the scripts and the administrator of the system.