[thelist] IIS Credentials - Security

Joshua Olson joshua at waetech.com
Mon Jul 15 12:21:03 CDT 2002


----- Original Message -----
From: "Ken Kogler" <ken.kogler at cph.org>
Sent: Monday, July 15, 2002 12:44 PM


> Unless I'm misinterpreting this, why not just link to the images from the
> restricted site over http?
>
> <img src="http://www.mysite.com/public/header.gif">
>
> My guess is that the permission headaches are caused by the file/folder
> permissions, which the OS uses when it encounters a link like <img
> src="../header.gif">

Most of the code is legacy code and is already in the relative paths.  If
you are correct in that addressing the images via the full URL would fix the
problem, then that is very insightful.  Do you have any reference for your
idea?  Checking the site on IE 6.0, I'm not seeing the same problem, so you
could be correct.

A related problem is that some of the restricted code uses
FileScriptingObject to look at the folder structure.  The restricted files
are not able to see via FSO those folders that have only administrator and
Internet Guest Account access.  Again, my easy solution is to add
"Authenticated Users" read access to all the folders/files of the site.  Is
this a bad idea?

-joshua




