[thelist] IIS Application Settings
Minh Lee Goon
evolt at goonies.info
Thu Aug 22 08:59:01 CDT 2002
Greetings, evolt. I'm in a bit of a situation and need your help. In IIS, in
the Home Directory property sheet of a web, I'd like to know how to securely
manage the Application Settings for that web. Here's my situation:
I'm managing users who use FrontPage Server Extensions to create and edit
their web sites. An alarm was sounded when my supervisors discovered that
IIS allows scripts and applications to be run from the user folders. In
reading, I know I can limit the extensions that can be run by going to the
Home Directory property sheet of the root web and disabling scripts in the
Application Setting section, or by removing the extensions listed under
Configuration.
However, there will be some account that will need to run ASP and CFM files,
so I will not be removing those file extensions. My question is: What other
file extensions should I not remove?
I hope that made sense. Thanks.
Minh Lee
http://www.goonies.info/
Not the film. The family.
More information about the thelist
mailing list