Roland
Tue Jul 12 07:35:09 CDT 2005
"Aaron Bertrand [SQL Server MVP]" <ten.xoc@dnartreb.noraa> wrote in message
news:e6lF0bthFHA.3936@TK2MSFTNGP10.phx.gbl...
:> : file should grow, plus you need write to create the LDB file.
: >
: > 1. It's not create rights, it's write rights.
:
: That's what I said. "You need write to create the LDB file."
Which means you only need modify rights. I hear an echo. (O:=
: > 3. With Full Rights you can change permissions and take ownership.
That's
: > not a good thing to give to an anonymous user or anyone that doesn't
need
: > it.
:
: An anonymous user who can't log in (since Windows controls the password).
You're assuming the password is being controlled by the OS. Just because
it's the default doesn't make it so. You're also assuming it can never be
compromised. What is the only secure system in the world?
: Can you please demonstrate an ASP script that will allow a user of the web
: site to do something silly or worse because IUSR has "full control" rights
: rather than the individual permissions.
NTFS permissions do not affect ASP scripts, directly. They affect user
access. I don't know what the next buffer overflow is going to do and
giving Full Rights to an account that doesn't need it is a security risk.
Network security is not rocket science. It's not a task. It is a simple
philosophy. Never give anyone access they don't need to get their job done.
It's not a good idea to teach others bad behavior no matter how well
intended, no matter how safe it appears to be on the surface.
: Remember that if someone has access to the file system to change an ASP
: script that IUSR has access to, they have already compromised more than
what
: you're worried about.
I'm always worried about the whole system, not just in part. I never assume
anything is secure. As stated above, I have a simple philosophy and I
follow it. It increases my chance for success in securing my network and
those I support. It's not a good idea to give everyone on the net Full
Rights to any part of my network.
: And also remember that I did not suggest adding IUSR
: to the administrators group.
I'm aware. I'm not suggesting you don't know something about security,
however I don't know your level of competency of network security, nor
anyone else's on the net. My response was based on a philosophy which
requires following a standard approach when working with permissions. The
first no-no in network security it to assign Full Rights to any account that
doesn't need it. It's also the first rule broken by every lazy admin on the
planet. I also cannot assume the developer is so proficient that they will
not make the situation worse with sloppy coding. I just cannot predict what
others will do. I have to assume the worst and act accordingly to minimize
the risk and the unscheduled downtime. Also, the net user is not my biggest
threat. It's the users who already have some access to the internal network
and usually Public Enemy #1 is the soon to be convict I'm working under who
thinks s/he needs Administrative access because of his/her title.
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center -
http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation -
http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library -
http://msdn.microsoft.com/library/default.asp