[thelist] ASP: FileSystemObject.FileExists

Maximillian Schwanekamp anaxamaxan at neptunewebworks.com
Wed Apr 14 21:34:17 CDT 2004


>The biggest gotcha I always see is people not allowing read/write/modify on
>the directory AND an Access file. Normally they only have it on the Access
>file. Since Access requires a lock file, you need to have more permissions
>on the directory itself where the Access file resides to create the lock
file.

Another good reason to dump Access altogether, and move to MySQL, MSDE, or
something else that does not have inherent filesystem security holes.  Not
something that I've heard of being exploited, but on principle it seems
crazy to that the directory where the site database resides would have a lax
security policy in order to function.

On the FileSystemObject subject, does anyone know if Software Artisans'
FileManager (an FSO replacement bundled with FileUp) is any more secure on
IIS 6?  I have a client getting a Win2003 Server dedicated setup.
FileManager on IIS 4/5 offers a number of holes due to overliberal user
impersonation capabilities, at least in a standalone server environment.

Maximillian Von Schwanekamp
Dynamic Websites and E-Commerce
NeptuneWebworks.com
voice: 541-302-1438
fax: 208-730-6504





More information about the thelist mailing list