[thelist] ASP: FileSystemObject.FileExists

Ken Schaefer ken at adOpenStatic.com
Wed Apr 14 20:28:47 CDT 2004


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Monique Angelich" <listmail at devedia.com>
Subject: Re: [thelist] ASP: FileSystemObject.FileExists


: As a note for anyone reading this thread for
: reference later, the folder the image resides in must
: have full read/write permissions for all users for the
: filesystem object to read the files in that directory,
: which usually includes a simple "does this exist"
:
: --- Monique
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's not make web server security any more lax than it already is. There
are plenty of holes in IIS (prior to v6) already, and plenty of buggy
application code, let's not actively promote more unsafe, exploitable,
practices.

For the user account that IIS is impersonating (eg IUSR_<machinename>)
List Folder Contents <- to list the contents of a folder
Bypass Traverse Checking <- to avoid having permissions from the folder root
Read (R) <- read a file
Execute (X) <- to execute a file on the server

There is no need to Write (W) or Delete (D) permissions whatsoever.

Cheers
Ken

Microsoft MVP - Windows Server (IIS)



More information about the thelist mailing list