Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
IUSER Permisions
Message
From
10/11/2007 15:26:25
John Fenton
Wordmasters
Sacramento, California, United States
 
General information
Forum:
ASP.NET
Category:
Other
Title:
Re: IUSER Permisions
Miscellaneous
Thread ID:
01267773
Message ID:
01268265
Views:
28
>The issue is that if you give write/modify access to IUSR, then anyone accessing the effectively has those same permissions. If they can compromise your site (eg. upload a file and get it executed), it will happen under that account. There are ways of temporarily impersonating other users, putting special permissions on some folders that only admins have access to (via NT authentication), etc. that can help reduce the changes things can be compromised.

Thanks,

I ran into a situation where I had to give the read/write permissions to IUSR in order to get parts of DNN to run. I solved it by changing hosts.

WOW Lot of reading there. Being somewhat of a noob to this aspect of security a lot of it is somewhat over my head still.

>>If they can compromise your site (eg. upload a file and get it executed)

OK so the security concern is to prevent the amount of damage that can be done after the system has already been compromised. There isn't just some easy way for IUSR to upload or modify a file just because it has write/modify privileges.

One fundamental thing I guess I don't get. Once they manage to get an executable uploaded. Wouldn't it execute under the ASPNET/NETWORK account?

Thanks again.
John Fenton
www.wordmasters.com
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform