RE: Swish and file permission

From: Bill Moseley <moseley(at)>
Date: Mon Jun 10 2002 - 13:54:50 GMT
At 03:34 PM 06/10/02 +0200, Maxime Saby wrote:
>Yes, it is a web based application. 
>The documents are stored on a Windows machine and protected at a File
>level. The users who can access the documents are defined in an
>Active Directory server.
>When one of the users logs in to the web application, where he can
>make some search queries, I should return to him only the files
>for which he has some rights. That's my goal.

Someone that knows Windows will have to answer -- you are probably best
asking on some group that discusses Windows.

Be sure you ask about the security of such a setup.  It sounds horribly
insecure.  From CERT reports it seems IIS has enough security problems
without adding something like this.  

On unix you would have to either run the web server as root (no!) or have
the application know all the users' passwords and su to that user to fetch
the file.  Either way is scary.  Or run something like Apache's suEXEC, but
that would not limit access to the owners of those files.

I'd expect that you would want to make all the files readable to the web
server (which shouldn't have any special power) and then use SSL and some
type of authentication to provide access to the files.

Bill Moseley
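
An added illustration of the arrangement suggested in the last paragraph of the message above (not code from the thread or from Swish-e): the search process runs without special privileges, and the application drops every hit the authenticated user may not read. The ACL table, paths and group names are constructed for the example; authentication and SSL are assumed to be handled by the web server.

```python
import posixpath

DOC_ROOT = "/docs"  # assumed index root, constructed for this example

# Constructed ACL: directory prefix -> groups allowed to read below it.
# In the setup discussed, this would be derived from the directory service.
ACL = {
    "/docs/public": {"staff", "hr", "eng"},
    "/docs/hr": {"hr"},
    "/docs/eng": {"eng"},
    "/docs/eng/payroll-export": {"hr"},
}

def _under(path, prefix):
    return path == prefix or path.startswith(prefix + "/")

def may_read(path, groups):
    """True only if the most specific ACL entry covering `path` names one
    of the user's groups. A path with no covering entry is denied."""
    clean = posixpath.normpath(path)      # collapse "." and ".." segments
    if not _under(clean, DOC_ROOT):
        return False                      # escaped the document root
    covering = [p for p in ACL if _under(clean, p)]
    if not covering:
        return False                      # fail closed
    most_specific = max(covering, key=len)
    return bool(ACL[most_specific] & set(groups))

def filter_hits(hits, groups):
    """hits: (rank, path) pairs from the search engine. Returns only the
    hits the authenticated user's groups are allowed to read."""
    return [(rank, path) for rank, path in hits if may_read(path, groups)]

# Constructed search output, including traversal and unlisted paths.
SAMPLE_HITS = [
    (1000, "/docs/hr/salaries.doc"),
    (870, "/docs/eng/design.txt"),
    (640, "/docs/eng/payroll-export/june.csv"),
    (500, "/docs/public/handbook.html"),
    (420, "/docs/public/../hr/reviews.doc"),
    (300, "/docs/public/../../etc/passwd"),
    (100, "/docs/unlisted/notes.txt"),
]

if __name__ == "__main__":
    for rank, path in filter_hits(SAMPLE_HITS, {"eng", "staff"}):
        print(rank, path)
```

The same check has to run again when a file is actually served, since a result list filtered at search time says nothing about a URL requested directly.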
