" Remove ?execute? permission from the upload directories (folders). "
Indeed. This seems to be an application problem - like the popular SQL injections. An
application accepts a file with a funky name and uses it for the file name on the
server . At the same time the server has assigned execute scripts permission on the
****** upload directory?
It should be self-evident, but even so it has also been mentioned in the security best-
practices for IIS:
Do not assign Write and Script source access permissions or Scripts and Executables
permissions. Use this combination with extreme caution. It can allow a user to upload
potentially harmful executable files to your server and run them. For more information, see
Securing Sites with Web Site Permissions.
(http://technet.microsoft.com/en-us/library/cc782762(WS.10).aspx)
IBM Sponsored Resources
Resources from our Sponsor
- Oracle Exadata vs IBM: Netezza Compared
- Forrester TEI Report
- CIA Whitepaper
- Harnessing the Power of Advanced Analytics
- Tapping into Unleashed Business Potential with Advanced Analytics
- Unlock Analytic Performance with Revolution R for Enterprise and IBM: Netezza Data Warehouse Appliance
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
