I want to protect the webexplore script.
It is not in the root of the script so how
else can I protect it. Like when it is open on the web, how can I prevent them from downloading it or saving the file.
mark
3/12/2002 8:31 PM
Also I would like to now how to prevent
certion files from being uploaded, exe, cgi, etc. I'm leting my freind host a page on my machine and I want to prevent that.
mark
3/12/2002 9:08 PM
You have to configure some permissions for the related folder. You can't prevent certain files from being uploaded but if you disable IIS "Execute" permission of the related folder then users will be able to upload asp, exe, cgi files but they won't be able to execute them.
I couldn't understand your first question well so please be more clear.
If you want to disable downloading, disable IIS "Read" permission and if you want to disable saving files, disable NTFS "Write" permission of the related folder.
Cem Alacayir
3/13/2002 7:26 AM
Well on the first quisten I was worred my freinds save the web page on there desktop or somthing and alter the root directory path by editing it and then upload the alterd version and get into my sytem.
mark
3/13/2002 3:26 PM
By the way you did a buitiful job on this script Ive used other's, but I love the single page version you created. It works much better without tying up resources.
mark
3/13/2002 3:35 PM
Thanks for your comments.
If you are worried about someone that would upload his own modified version of WebExplorer and execute it, doing what I told above about disabling IIS "Execute" permission of the root folder defined in WebExplorer, will prevent this.
Else if you are thinking that someone can download, modify and then upload WebExplorer installed on your server by simply browsing it, that's impossible, ASP scripts can't be downloaded unless default server settings are changed. Assuming it happened in some way, how do you expect someone to upload the altered version to your server and overwrite your installed version?
Cem Alacayir
3/13/2002 7:20 PM
Great script by the way! I love it. This is a good idea and I have written some simple code (all of about 6 or so lines) that will allow a user to set the type of files that are allowed to uploaded. Let me know if you want it and I will send it to you.
Tom
3/26/2002 8:01 PM
Thank you to Tom. Have you taken in account that what will happen when some text file is saved as something like *.asp file? One can upload a kind of file that's in your allowed list and then open it in the editor and save it as an insecure kind of file.
Anyway I will add this feature in the next version.
Cem Alacayir
3/26/2002 11:16 PM
Good point, Cem. I have modified it to prevent that from happening. I have sent you the modified script in a separate email.
Thanks Again!!
Tom
3/27/2002 6:34 PM