How to enhance FSO security under win 2003

In ASP, FSO is the meaning of a file system object. The computer file system we are going to manipulate, here on the web server. So, make sure you have the right permissions for this. Ideally, you can set up a web server on your own machine so that you can easily test it. ASP provides powerful file system access, but it poses a huge threat to the security of the website, especially the FSO Trojan. You can disable the FSO component, but the result is that all ASP programs that use this component will Unable to run, unable to meet the needs of customers. To do this, what should we do?

The first step is the key to setting up Windows 2000: right click on the C drive, click on "Share & Security" in the dialog box that appears. “Security” tab, delete Everyone, Users group, if you can not run the ASP program after deleting, please add IIS_WPG group (Figure 1), and restart the computer.
Add IIS_WPG group

After this design, the FSO Trojan can no longer run. If you want to set a more secure level, please set each disk partition separately as above, and set different anonymous access users for each site. The following is an example (assuming that your host has an Abc.com site under the Abc folder on the E drive):

1. Open “Computer Management & Rarr; Local Users and Groups & Rarr; User & rdquo;, Create Abc user, and set the password, and "user must change the password when logging in next time", the previous checkmark is removed, select "User can not change the password" and "Password never expires" and set the user As part of the Guests group.

2. Right-click E:Abc and select the “Properties →Security” tab. At this point, you can see that the default security setting for this folder is “Everyone”; full control (depending on the situation) The content is not exactly the same), delete the complete control of Everyone (if you can't delete, please click the [Advanced] button, "Allow parent's inheritance permission to propagate", remove the previous checkmark and delete all), add Administrators and Abc users have all security rights to the directory of this website.

3. Open the IIS Manager, right click on the Abc.com hostname, select the "Attributes → Directory Security" tab in the pop-up menu, click on Authentication and Access Control [edit] The dialog box shown in Figure 2 pops up. The default user access is “ IUSR_machine name”, click [Browse], find the Abc account created in the “Select User” dialog box, and then enter it repeatedly after confirming. password.

After this setting, the user who visits the website accesses the site of the E:Abc folder anonymously as the Abc account, because the ABC account only has security permissions for this folder, so he can only be in this folder. Use FSO.
Figure 2 dialog box Previous page12Next page Total 2 pages