[thelist] IIS Write Permissions

Ken Schaefer ken at adOpenStatic.com
Thu Sep 11 20:18:54 CDT 2003


Couple of problems:

a) By default, medium and high isolation websites in IIS v5 run under
IWAM_<machinename>, and low isolation websites run under LocalSystem. Both
are local accounts, and can't be assigned permissions to remote resources. I
assume you're using IIS v5 since there's no indication otherwise.

b) When you say you're having problems, I assume that:
    - you're using CDONTS
    - you're using Classic ASP

CDONTS (Collaboration Data Objects For NT Server) is deprecated, and only
included with Windows 2000 for backwards compatibility. Instead, you can use
the built-in CDO v2 classes (called CDOSYS) to send mail without having to
use the "pickup" directory. Instead, CDOSYS has an option to send mail using
SMTP. So all you need to do is point your mail object to the remote SMTP
server.

c) The CDOSYS documentation is a bit of a bear though. If you have trouble
getting your head around it, I would recommend getting the free JMail
component from www.dimac.net and using that instead. That also allows for
sockets-based communication to a remote (or local) server, and so you don't
need to have file system access to the MS SMTP server's "pickup" directory.

Cheers
Ken


----- Original Message ----- 
From: "Adam Slesinger" <badlanners at hotmail.com>
To: <thelist at lists.evolt.org>
Sent: Friday, September 12, 2003 5:33 AM
Subject: [thelist] IIS Write Permissions


Hi folks,

I just finished developing a mass email tool to send e-newsletters to our
opt-in registrants using the approach I found on evolt.org: using files to
send emails.

http://www.evolt.org/article/Using_files_to_send_emails_with_IIS_part_1_of_2/17/3419/index.html

I incorporated it into my application and things work great in development.

Trouble is in production.  Turns out the client's environment is different
than ours in the fact that their SMTP server is on a different machine than
the webserver.  So, they have to set two permissions. 1) To allow the
webserver to write files to a directory on the webserver, and 2) to allow
the webserver to move those files off the webserver and dump them into a
folder on the SMTP server.

They are scared about security.  Then I thought about it myself... Is this a
big security hazard, opening up write access on two different directories on
two machines, both accessible from the webserver?  The directories are
underneath the webroot, and the only references to those directories are in
the ASP code.

While I do know something about Windows security, I'm no MCSE.  I was hoping
I could get some advice, warnings, or suggestions from those with more
knowledge on the subject.

Thanks much!

adam
-- 
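
Added example, not part of either message above: a sketch of the CDOSYS approach Ken describes, where the web server speaks SMTP to the remote mail server so that no write access to a "pickup" directory is needed on either machine. The host name, port, and function names are placeholders and assumptions, and the single-line check on header values is an extra precaution added here.

```vbscript
Option Explicit

' CDOSYS configuration fields are addressed by schema URI.
Const CDO_CFG = "http://schemas.microsoft.com/cdo/configuration/"
Const cdoSendUsingPickup = 1   ' write a file into the SMTP service's pickup directory
Const cdoSendUsingPort   = 2   ' talk SMTP to a server over the network

' Placeholder values (assumptions, not from the thread).
Const SMTP_HOST = "smtp.example.internal"
Const SMTP_PORT = 25

' Header values built from user-supplied data should never contain line breaks.
Function IsSingleLine(s)
    IsSingleLine = (InStr(s, vbCr) = 0 And InStr(s, vbLf) = 0)
End Function

' Returns True if the message was handed to the remote SMTP server.
' In Classic ASP, place this inside <% %>; it also runs under cscript.
Function SendViaRemoteSmtp(sFrom, sTo, sSubject, sBody)
    Dim cfg, msg
    SendViaRemoteSmtp = False
    If Not (IsSingleLine(sFrom) And IsSingleLine(sTo) And IsSingleLine(sSubject)) Then Exit Function

    Set cfg = CreateObject("CDO.Configuration")
    With cfg.Fields
        ' cdoSendUsingPort instead of cdoSendUsingPickup: no file system access needed.
        .Item(CDO_CFG & "sendusing") = cdoSendUsingPort
        .Item(CDO_CFG & "smtpserver") = SMTP_HOST
        .Item(CDO_CFG & "smtpserverport") = SMTP_PORT
        .Item(CDO_CFG & "smtpconnectiontimeout") = 30
        .Update
    End With

    Set msg = CreateObject("CDO.Message")
    Set msg.Configuration = cfg
    msg.From = sFrom
    msg.To = sTo
    msg.Subject = sSubject
    msg.TextBody = sBody

    On Error Resume Next          ' Send raises an error if the server is unreachable
    msg.Send
    SendViaRemoteSmtp = (Err.Number = 0)
    On Error GoTo 0
End Function
```

With this in place the only thing the web server's account needs is outbound network access to the SMTP host on the chosen port, which can be restricted at the firewall and on the SMTP server's relay settings.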


