We have a small internal security issue with our FTP site...
We created an FTP site with multiple sub-directories and setup user names, passwords, permissions for each directory. When a user signs in from the web, they are sent to the sub-directory that is associated with that user name and the permissions are set as such where they should not be able to view any other directories under the main directory for FTP site.
The problem is this, when someone outside the local network logs in and browses our FTP site from an internet browser, they can still navigate to the upper level main directory and view all of the other sub-directories even when they don't have the permission settings to do so. If they use a windows explorer window to access the FTP site, the permissions work as they should and they are not able to navigate to upper level main directory.
Has anyone heard of this happening? Any guidance is much appreciated.
Thanks,
DFLewis
We created an FTP site with multiple sub-directories and setup user names, passwords, permissions for each directory. When a user signs in from the web, they are sent to the sub-directory that is associated with that user name and the permissions are set as such where they should not be able to view any other directories under the main directory for FTP site.
The problem is this, when someone outside the local network logs in and browses our FTP site from an internet browser, they can still navigate to the upper level main directory and view all of the other sub-directories even when they don't have the permission settings to do so. If they use a windows explorer window to access the FTP site, the permissions work as they should and they are not able to navigate to upper level main directory.
Has anyone heard of this happening? Any guidance is much appreciated.
Thanks,
DFLewis
