Preventing a hacker from uploading a malicious file to site.

[Pam Davey]

I am considering placing a file on my Web site for download. It's actually a
small trial software package. I'm concerned that someone might be able to
overwrite the file stored on the remote server with a malicious one.

What do you recommend to prevent this? Shall I put the file in the _private
folder? Is this enough? I'm using fp2003 and the site has fp server
extentions 2002 installed.

Aside from your recommendation, I would love to be directed to some good
articles on this topic.

Thank you very much for any help.

 

[Thomas A. Rowe]

As long as the permission are configured correctly, then it would not be possible for someone to
upload a file to your server. Do not put it in the_private folder

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

 

[Pam Davey]

Ok. Thank you for your very quick response.

 

[Kevin Spencer]

Hi Pam,

All of the web pages, and anything in your site that can be browsed is
downloaded by browsers. So, if ANYTHING in your site can be overwritten by
someone without author permission, you're in serious trouble! In other
words, downlloading a file is not the same as uploading one, and files
cannot be uploaded by anyone but you.

Assuming your web site is hosted, you should never have to worry about this.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Ambiguity has a certain quality to it.