[thelist] The D**N IUSR_MACHINENAME

Ken Schaefer ken at adOpenStatic.com
Sun Jan 25 23:25:53 CST 2004 

Hi,

I'm glad you got it working.

I hope the following may help a little in understanding what's going on
under the covers. In any modern multi-user operating system, every action
needs to take place under the user context of some user. When someone (such
as yourself) browses a page on your local website, the webserver software
needs to load the page off the hard disk (as well as, possibly connect to a
database etc).

If you authenticated when requesting the webpage (ie your browser gave you a
login prompt, and you typed in your Windows username/password), the IIS uses
that user account to run the webpage. If you don't supply any credentials
(ie you are anonymously browsing the website), then IIS will use the
"anonymous user account" to run the webpage. Which actual Windows account
this is is set in the IIS MMC Snapin (on the Directory Security tab ->
Anonymous Access button). By default this is the IUSR_<machinename> account,
however you can change it if you wish.

Now, if this account is being used to run the webpage, it'll also be used to
connect to a database etc. If you want this webpage to be able to
read/modify an Access .mdb file, then you need to make sure that the
anonymous internet user account has "modify" (read/write/delete) permissions
on the folder that the database is in, and to the database itself (the
actual permissions needed a little bit less, but that's more work in setting
up. You set these "NTFS" permissions via Windows Explorer

Now - the bit about removing "read" permissions in IIS that you did (which I
also recommended) is entirely separate. That step is only required if the
Access .mdb file is located inside your website. The reason you do this is
to stop people browsing your website from downloading your Access file in
the same way they'd be able to download an image, or a webpage (by typing in
http://yourserver.com/yourDatabase.mdb). By removing the IIS Read
permissions, HTTP GET/POST etc requests will not be served from that
directory.

In a hosted environment, your host should provide your with a particular
"special" directory that has already had this setup. This is where you put
your Access file, and it's able to be edited via your website. As the same
time, it can't be downloaded by people browsing your website.

Cheers
Ken

----- Original Message ----- 
From: "Lightning" <oktellme at earthlink.net>
To: "thelist" <thelist at lists.evolt.org>
Sent: Monday, January 26, 2004 7:49 AM
Subject: [thelist] The D**N IUSR_MACHINENAME


:
:
:  The good news is my program works as-is when I put it on my hosted
server.
:
:  The bad news is, I can't get it working on my computer for nothin'.
:  I have XP, am using ms access.
:
:  I went to programs>administrative tools> iis.msc
:    browsed to directory, right-clicked on properties,
:       tried it by un-clicking READ, as you suggested.
:       tried various other combos too.
:
:  It least I can work it on my site server. but it IS a problem to have to
: ftp
:  every change before testing it.
:
:  I'm going to try the aspfaq site as you recommended.
:
:  thanks, Laura
:
:
:
:
:
: -- 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
:
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !
:

More information about the thelist mailing list