Hi all,
I've been asked to develop a perl script that produces PDF files on the fly, as a visitor conducts searches on an Internet site. This I have done no problems, but I believe part of my solution poses a security risk:
The only way I can get the PDF files to be written properly, is by setting the NTFS permissions on a directory (called /pdfs - nothing but PDF files being stored here) to allow Everyone write access - anything less and the script bombs out.
The permissions in IIS for this directory are read only.
Not having a complete understanding of permissions on a win2k/iis platform - can someone advise what risks I may be exposing myself to, and alternate methods of setting these permissions....
I've been asked to develop a perl script that produces PDF files on the fly, as a visitor conducts searches on an Internet site. This I have done no problems, but I believe part of my solution poses a security risk:
The only way I can get the PDF files to be written properly, is by setting the NTFS permissions on a directory (called /pdfs - nothing but PDF files being stored here) to allow Everyone write access - anything less and the script bombs out.
The permissions in IIS for this directory are read only.
Not having a complete understanding of permissions on a win2k/iis platform - can someone advise what risks I may be exposing myself to, and alternate methods of setting these permissions....
