Foxweb can access the table in different database?
From: Eric Barnett, Barnett Solutions Group, Inc, Sonoma, California, United States
Date: 27/10/1998 14:22:27
Forum: Visual FoxPro
Category: Third party products, Miscellaneous
Thread ID: 00150778
Message ID: 00151181

Rick,

You are right of course - I was way too brief in my explanation.

I meant to describe the last scenario you were talking about - setting the permissions on the target resource. I haven't really used FoxWeb so I don't know about RevertToSelf() which sounds interesting. Impersonate is of course also an option.

That'll learn me not to give a full explanation. I am certainly aware of the security issue you describe. I don't want to be giving bad advice.

Sheepishly,

>
>Hold it <s>... that's extremely bad advice! It opens huge security issues.
>I've seen this a lot on *public* Web sites even where you end up with
>total access.
>
>There are a couple of better ways to handle this if indeed you're using IIS
>and an InProc component that has the same rights as an IIS request (which
>would apply to ISAPI and CGI extensions called from IIS).
>
>There are several API calls that allow user account impersonation to
>*temporarily* set permissions to access resources either locally or on
>the network. For local machine access the easiest thing to do is use
>RevertToSelf() which reverts IUSR_ to the SYSTEM account. This may
>or may not allow you access to the network depending on how security
>is set up for the system.
>
>You can also use ImpersonateLogon( specific account) or
>ImpersonateInteractiveUser(whoever is logged on or SYSTEM if no one is).
>These require some additional calls though to get an access token first.
>
>The other route is to set permissions on the target resource to allow
>IUSR_ of the Web server access on its remote drives. To do this you have
>to change the randomly assigned password for IUSR_ in user manager and
>IIS. Once you actually know what the password is, create the IUSR_WebServer
>account on the target server with the same user name and password,
>making it possible to allow access. Make sure you don't expose this
>remote resource in any way through Web or other TCP/IP interfaces - if
>you do you have a huge security leak - the key is not to let the outside
>know or not use TCP/IP on that net connection at all.
>
>The same security scheme is required in order to make DCOM component calls
>from IIS's user context.
>
>>
>>>Hi!
>>>I have a question about Foxweb ( a foxcode based CGI script Engine )
>>>
>>>On alpha Server VFP and VFP's runtime cannot run, but I must handle
>>>some kind of processing on alpha Server.
>>>So I decided that Foxweb and the program associated with Foxweb would be
>>>installed on the Intel chipset server and only the database file would be installed on the alpha server.
>>>
>>>But the very difficult problem is that FOXWEB CANNOT ACCESS THE DATABASE THAT IS ON DIFFERENT SERVER.........
>>>
>>>How can I access the database on different server in using Foxweb?
>>>
>>>Please give me any information about this.......
>>>
>>>Best regards.
>>>thanks
>>>
>>>www.vfp.co.kr
>>>funnyfox@vfp.co.kr
Eric Shaneson
Cutting Edge Consulting