RE: [imail] Security issue on ezsignup

Tue, 13 Mar 2001 14:29:44 -0800 

Akim,
        Not to our knowledge. Actually IUSR only HAS to have perms on the DLLs in
the EZSignup folder and the .EXEs you wish to run (adduser.exe and
ldaper.exe) in the Imail folder. And to our testing, It must be full perms.
        As for the security risk, IUSR runs as a system service already. Our
SafeExec DLL only executes files within the Imail folder. So the only access
they could get would be to those (to my knowledge).

jeff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
akim alam
Sent: Tuesday, March 13, 2001 4:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [imail] Security issue on ezsignup


In EzSignup readme.htm file, step 5 instructs to give
IUSR_machinename user a full access to entire imail
and ezsignup folders. This definitely opens up a
security hole for hackers.  Can it be done more secure
way.

Thanks in advance.

Akim

Step 5:

In Explorer, right-click on the IMail directory, go to
Properties, then Security, and add the
IUSR_YourMachineName account, giving it Full Rights on
the entire IMail directory and the EZSignUp directory.
(If you installed the EZSignUp directory somewhere
else, do the same to it.)



__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/



______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Glowing Praise...... mailto:[EMAIL PROTECTED]
Searchable List Archive.... http://www.mail-archive.com/[email protected]
To Manage your Subscription......... http://humankindsystems.com/lists





______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Glowing Praise...... mailto:[EMAIL PROTECTED]
Searchable List Archive.... http://www.mail-archive.com/[email protected]
To Manage your Subscription......... http://humankindsystems.com/lists

Reply via email to