FileSystemObject

Y

Yash

Bass
zhataka, i deleted your post to that FSO thread. it is very very old (1 year +) and it contains information that no longer is valid.

We have not installed any FSO component as such on the servers. If this component comes with the Windows installation, then its supported

We are not going to make a separate installation of FileSystemObject because it can be used to access files and directories outside a user's home directory. if it comes as a Windows component, then it must obey NTFS permissions and we would have no problem if customers used it
 
Yash said:
zhataka, i deleted your post to that FSO thread. it is very very old (1 year +) and it contains information that no longer is valid.

We have not installed any FSO component as such on the servers. If this component comes with the Windows installation, then its supported

We are not going to make a separate installation of FileSystemObject because it can be used to access files and directories outside a user's home directory. if it comes as a Windows component, then it must obey NTFS permissions and we would have no problem if customers used it
Click to expand...

No worries. Just wanted to know one way or the other. Explains the behavior I am seeing. Thanks for the quick response!
 
yeah it is working, BUT (I think) it is also possible to access files outside my own directory, like on the C drive, but NOT in other users folders..

if you Yash want, I can upload an app to browse folders and files on the server so you can see..
 
OK, here is a clarification on this issue

You can use FSO to break out of the user directory on Win2000 (it's not that easy though) but you'll only have read access. It's harder to get out of your user directory on Windows 2003

Since many customers use FSO, we are overlooking this read-only risk (if you can call it a risk).

And yes, FSO is supported on all our servers. it's an ASP function
 
just had a look with a script I made and couldn't find your C drive! ?(.. I didn't have permission to other folders on the D drive than the backup folder and hshome/semikolo(n) (my own) but I did have full (read) access to E:\ (which looked like a CDROM)


it looks for me that FSO is not a security risk on Win5 and alot of users use it, so you should not disable it, but maybe you should restrict access to the backup folder?



if you Yash want a look at the program, tell me and I'll send you an email with instructions...
 
You must log in or register to reply here.
Back
Top