WebApp Sec mailing list archives

Re: IIS Security

From: Saqib Ali <docbook.xml () gmail com>
Date: Mon, 21 Nov 2005 07:49:03 -0800

The traversal attacks used in the past, required getting to the cmd.exe

On 11/21/05, Schmidt, Albert E <AES () ola state md us> wrote:

If the default IIS account only has access to the root document, what is the harm of placing the root document on the 
same disk partition as the operating system?  If the account does not have access to the operating system files.



--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.

Current thread:

IIS Security Schmidt, Albert E (Nov 21)
- Re: IIS Security Saqib Ali (Nov 21)
- Re: IIS Security Saqib Ali (Nov 21)
- <Possible follow-ups>
- RE: IIS Security Evans, Arian (Nov 21)