[thelist] IIS Write Permissions

Adam Slesinger badlanners at hotmail.com
Thu Sep 11 14:33:41 CDT 2003


Hi folks,

I just finished developing a mass email tool to send e-newsletters to our opt-in registrants using the approach I found on evolt.org: using files to send emails. 

http://www.evolt.org/article/Using_files_to_send_emails_with_IIS_part_1_of_2/17/3419/index.html

I incorporated it into my application and things work great in development.

Trouble is in production. Turns out the client's environment is different than ours in the fact that their SMTP server is on a different machine than the webserver. So, they have to set two permissions: 1) to allow the webserver to write files to a directory on the webserver, and 2) to allow the webserver to move those files off the webserver and dump them into a folder on the SMTP server.

They are scared about security. Then I thought about it myself... Is this a big security hazard, opening up write access on two different directories on two machines, both accessible from the webserver? The directories are underneath the webroot, and the only references to those directories are in the ASP code.

While I do know something about Windows security, I'm no MCSE. I was hoping I could get some advice, warnings, or suggestions from those with more knowledge on the subject.

Thanks much!

adam

