Vulnerability Development mailing list archives
Re: dvwssr.dll /service.lck
From: sozni () USA NET (.sozni)
Date: Sat, 15 Apr 2000 11:57:02 MDT
This really has nothing to do with dvwssr.dll, but Marc made a comment about the purpose of service.lck and I wanted to clear that up.
For NT services you use the same authentication mechanisms as a regular NT login. There is a file, service.lck, that I believe controls access to the FP web. Whatever permissions set on that file are what carry over to logins.
Actually, service.lck does partially control access to the web, but does not determine the acl's of the web. Service.lck is really a lock file that keeps two people from accessing a web's resources at the same time. When no one is authoring the web, service.lck will be a 0-byte file. As a side note, one can certainly adjust the permissions on that file so that only certain users can write to it, thereby preventing others from creating locks. If FrontPage can't write to the lock file, it will not open the web. This could also happen accidentally when a client accessing a FrontPage web loses its network connection and fails to free the locks. However, permissions to the web are normally controlled through author.dll/exe and admin.dll/exe. Those files are actually the same executable but are duplicated to allow unique permissions for authors and admins. If a user attempts to use either of those files and has the proper permissions, then the FrontPage extensions will give permissions to the rest of the files on the web. .sozni ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
Current thread:
- Re: dvwssr.dll /service.lck .sozni (Apr 15)