Security for ASP applications

Source: Internet
Author: User
Never underestimate the importance of properly configuring security settings. If you do not configure your security settings correctly, you not only expose your ASP application to unnecessary tampering, but also prevent legitimate users from accessing your .asp files.
Web servers provide a variety of ways to protect your ASP applications from unauthorized access and tampering. After you have read the security information under this topic, please take a moment to double-check your Windows NT and Web server security documentation.
NTFS Permissions
You can protect ASP application files by applying NTFS access permissions to individual files and directories. NTFS permissions are the basis of Web server security; they define the different levels of access that a user or a group of users has to files and directories. When a user with a valid Windows NT account attempts to access a file with permission restrictions, the computer checks the file's access control list (ACL). This list defines the permissions that are given to different users and groups of users. If the user's account has permission to open the file, the computer allows the user to access the file. For example, the owner of a Web application on a Web server needs to have "Change" permission to view, change, and delete the application's .asp files. However, public users who access the application should be granted only read-only permission, so that they can view the application's Web pages but cannot change the application.
Maintaining the Security of Global.asa
To fully protect your ASP application, be sure to set NTFS file permissions on the application's Global.asa file for the appropriate users or groups of users. If Global.asa contains a command to return information to the browser and you do not protect the Global.asa file, the information is returned to the browser, even if other files of the application are protected.
Note: Be sure to apply uniform NTFS permissions to your application's files. For example, if you inadvertently over-restrict the NTFS permissions of a file that the application needs to include, users might not be able to view or run the application. To prevent this type of problem, plan carefully before assigning NTFS permissions to your application.
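The following PowerShell script is an added example, not part of the original article. It audits the two points above, read-only access for public users on .asp files and a protected Global.asa, by listing every Allow entry that gives a public identity more than read access. The application path and the list of public identities are assumptions to adjust for your server.

```powershell
# Added example (not from the original article): audit NTFS ACLs on an ASP application.
# Assumptions: $AppRoot is a placeholder path; $PublicIdentities lists the accounts
# that represent public users on this server.
param(
    [string]$AppRoot = 'C:\Inetpub\wwwroot\MyApp',
    [string[]]$PublicIdentities = @(
        'Everyone', 'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\IUSR'
    )
)

# Any of these bits means more than read-only access. Modify and FullControl
# include them; 0x50000000 covers unmapped GENERIC_WRITE and GENERIC_ALL entries.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

# Walk every .asp file and Global.asa under the application root.
$findings = Get-ChildItem -Path $AppRoot -Recurse -File -Include '*.asp', 'global.asa' |
    ForEach-Object {
        $file = $_
        (Get-Acl -LiteralPath $file.FullName).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $PublicIdentities -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0
        } | ForEach-Object {
            # One row per over-permissive access control entry.
            [pscustomobject]@{
                File      = $file.FullName
                Identity  = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No public write access found under $AppRoot"
}
```

Deny entries and nested group membership are not evaluated, so treat each row as a candidate for review rather than a confirmed effective permission.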
Web Server Permissions
You can restrict how all users view, run, and manipulate your ASP pages by configuring the permissions of your Web server. Unlike NTFS permissions, which control the way a particular user accesses application files and directories, Web server permissions apply to all users and do not differentiate between types of user accounts.
For users to be able to run your ASP application, follow these guidelines when setting Web server permissions:
• Allow "Read" or "Script" permissions on virtual directories that contain .asp files.
• Allow "Read" and "Script" permissions on virtual directories that contain .asp files and other files containing scripts (such as .htm files).
• Allow "Read" and "Execute" permissions on virtual directories that contain .asp files and other files that need "Execute" permission to run (for example, .exe and .dll files).
