by giving write permission to IIS_IUSRS for the following directory..will there ever be a security concern and how to prevent it?
\App_Data\
\bin\
\Content\
\Content\Images\
\Content\Images\Thumbs\
\Content\Images\Uploaded\
\Content\files\ExportImport\
\Plugins\
\Plugins\bin\
\Global.asax
\web.config
giving write permision to IIS_IUSRS
- 50
- 376
- 8/21/2013
- United States
First question is why would you want to do this? What are the users in that group doing that they need write permissions?
I never recommend giving permissions to a group as it gives too broad a stroke for folks to try to tamper with your site / system in general.
Is it a concern, yes it is. Does that mean you will ever get hit by something that causes you a problem no... But remember you are granting permissions to a group of people who (someone) is being associated to your app pools, or else I really don't understand the need.
It is better to explain your scenario and then look for a better locked down security model.
I never recommend giving permissions to a group as it gives too broad a stroke for folks to try to tamper with your site / system in general.
Is it a concern, yes it is. Does that mean you will ever get hit by something that causes you a problem no... But remember you are granting permissions to a group of people who (someone) is being associated to your app pools, or else I really don't understand the need.
It is better to explain your scenario and then look for a better locked down security model.