COM is the best way to go, and scales better.  Handle auth with whatever
mechanism you're comfortable with.  Build the app such that it can only modify
very specific registry keys (focus on validation for those values before
changes are committed to the registry).  This will help prevent exploitation.
Make sure that file (executable or script like Perl or VBS) is read-only to
any account that is actually calling it from the web server.

-ives
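
An added sketch of the validation layer described in the reply above (example code, not part of the original message and not IMail or Declude code). The key layout under `BASE`, the value names and all function names are hypothetical; the web tier passes only a domain, user, value name and value, never a registry path.

```python
import re

# Hypothetical key layout and value names, constructed for this example.
BASE = r"SOFTWARE\ExampleVendor\ExampleMail\Domains"
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")  # no backslash allowed

def _flag(v):
    if type(v) is not int or v not in (0, 1):
        raise ValueError("flag must be 0 or 1")
    return v

def _size_kb(v):
    if type(v) is not int or not 0 <= v <= 1_048_576:
        raise ValueError("size out of range")
    return v

# Allowlist: the only value names the component will ever write.
ALLOWED = {"SpamFilterEnabled": _flag, "MaxSizeKB": _size_kb}

def build_write(domain, user, name, value):
    """Return (key_path, name, value) for a permitted write or raise ValueError."""
    for part in (domain, user):
        if not isinstance(part, str) or not NAME_RE.fullmatch(part):
            raise ValueError("bad domain or user")
    if not isinstance(name, str) or name not in ALLOWED:
        raise ValueError("value name not on allowlist")
    # The caller never supplies a key path; it is assembled from checked parts.
    key_path = "\\".join([BASE, domain, "Users", user])
    return key_path, name, ALLOWED[name](value)

def apply_write(domain, user, name, value, writer):
    """Validate first, then hand the write to `writer`; returns the key path."""
    key_path, name, value = build_write(domain, user, name, value)
    writer(key_path, name, value)
    return key_path

def winreg_writer(key_path, name, value):
    """Windows-only writer: opens an existing key, never creates one."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path, 0,
                        winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, value)
```

Passing the writer in keeps the validation testable off Windows; in the component itself `winreg_writer` (or its COM equivalent) is the only code that touches the registry.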

----- Original Message ----- 
From: "Todd Holt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 11, 2003 8:00 PM
Subject: RE: [IMail Forum] Somewhat OT: Registry Security


> Or you could write it in .Net and use a webservice to read/write the
> registry.
>
> Todd Holt
> Xidix Technologies, Inc
> Las Vegas, NV  USA
> www.xidix.com
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John
> Tolmachoff (Lists)
> Sent: Wednesday, June 11, 2003 4:51 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] Somewhat OT: Registry Security
>
> I am not a programmer, but why not have a com object or other executable
> that the asp script can call to read the registry using the system account?
> I would never ever let anything that has to do with a web site modify the
> registry.
>
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:IMail_Forum-
> > [EMAIL PROTECTED] On Behalf Of Aaron Clausen
> > Sent: Wednesday, June 11, 2003 4:37 PM
> > To: IMail Forum
> > Subject: [IMail Forum] Somewhat OT: Registry Security
> >
> > I'm about to embark on a small ASP project to give our users the ability
> > to manipulate their Declude spam files.  This will require that the script
> > go into the registry to read some IMail information.  We have hundreds of
> > users, so I am not going to be using NT authentication, but a custom auth
> > system based upon email address and password.
> >
> > This will be running on a Win2000 server and IIS5, so naturally, the
> > anonymous user that the ASP scripts will be running under will have to
> > have permissions to read (and possibly modify) the registry.  Is this an
> > advisable course of action?  They will still have to have a userid and
> > password to get in, and only the subweb where the ASP application sits
> > will have those permissions.  Or is this just a bad idea all around?
> >
> > --
> > A. Clausen
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
>
> ---
> [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]

