anonymous user write permissions on file system?

Last post 04-05-2010 12:35 PM by Vikas Sonawane. 1 replies.

Page 1 of 1 (2 items)
	Sort Posts: Previous Next

08-06-2009 9:35 PM

ecooke
Joined on 04-12-2008
Posts 14

anonymous user write permissions on file system?

Reply Contact

Hello everyone.
I have a question for everyone, and would like some feedback. We need to allow our ASP.NET apppools to write to the sites folders. Unfortunately it looks like DotNetPanel runs the app pools with the same user as the websites anonymous user. Are there any security implications allowing the anonymous user full write access to the sites file systems, as long as the write option for the site is unchecked? In my mind, this is a bad idea. Before we used DotNetPanel, we ran our app pools as a different user and gave that user write access to the site files.

Does anybody have any suggestions on this?

Thanks,
Ed

04-05-2010 12:35 PM In reply to

Vikas Sonawane
Joined on 03-15-2009
Posts 31

Re: anonymous user write permissions on file system?

Reply Contact

Yes, DNP use the websites anonymous user to run app pool. If you will assign writ permissions on website root then it's really security issue. I haven't tried this before butYou can try following ,

If you create new user Ex. "IWAM_website" through users managemnet and set the user in App Pools properties. You can add that new user on webroot folder with write permissions to avoid security risk.

Cheers ! Smile

Vikas Sonawane.

Sr. Windows System Administrator.
MCP, MCSE, CCNA

Page 1 of 1 (2 items)

Dotnetpanel Forums