---------- Original Message ----------------------------------
From: "Ives Stoddard" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Thu, 12 Jun 2003 10:16:46 -0400

>COM is the best way to go, and scales better. Handle auth with whatever
>mechanism you're comfortable with. Build the app such that it can only modify
>very specific registry keys (focus on validation for those values before
>changes are committed to the registry). This will help prevent exploitation.
>Make sure that file (executable or script like Perl or VBS) is read-only to
>any account that is actually calling it from the web server.

Thanks for all the tips. One thing I have stumbled on (I had forgotten all about it) is setting the security on registry keys using REGEDT32. Now, while getting the IMail registry section hacked would be a major pain in the a**, we do frequent (four times a day) backups of those keys, so even a hack would not be an absolute catastrophe.

So, do you think it reasonable that I create a user that has permissions in both the IMail registry keys and the IMail directory on the drive, and run the ASP scripts in that user context?

--
A. Clausen
[EMAIL PROTECTED]
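
An added example, not part of the original messages and not IMail or Ipswitch code: one way to implement the quoted advice that the web-facing component may change only specific registry keys and must validate values before committing them. The base key, the value names `MaxSize` and `Forward`, and the `writeFn` callback are constructed placeholders, not IMail's real registry layout.

```javascript
// Constructed placeholder, NOT IMail's real registry layout.
var BASE = "HKLM\\SOFTWARE\\ExampleVendor\\ExampleMail\\Domains";

// Hypothetical value names; each maps to a strict validator for its data.
var ALLOWED_VALUES = {
  MaxSize: function (d) { return typeof d === "number" && d % 1 === 0 && d >= 0 && d <= 104857600; },
  Forward: function (d) { return typeof d === "string" && /^[A-Za-z0-9._-]{1,64}@[A-Za-z0-9.-]{1,255}$/.test(d); }
};

// One subkey level only: a host-style name, so no "\" or control characters.
var SUBKEY = /^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,61}[A-Za-z0-9])?$/;

function validateChange(keyPath, valueName, data) {
  if (typeof keyPath !== "string" || typeof valueName !== "string") {
    return { ok: false, reason: "bad types" };
  }
  // Registry key names are case-insensitive, so compare the prefix that way.
  var prefix = BASE + "\\";
  if (keyPath.slice(0, prefix.length).toLowerCase() !== prefix.toLowerCase()) {
    return { ok: false, reason: "key outside allowed subtree" };
  }
  var sub = keyPath.slice(prefix.length);
  if (!SUBKEY.test(sub) || sub.indexOf("..") !== -1) {
    return { ok: false, reason: "invalid subkey name" };
  }
  // hasOwnProperty keeps inherited names such as "constructor" off the allowlist.
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_VALUES, valueName)) {
    return { ok: false, reason: "value not on allowlist" };
  }
  if (!ALLOWED_VALUES[valueName](data)) {
    return { ok: false, reason: "data failed validation" };
  }
  // Return a canonical path so the writer never sees caller-supplied casing.
  return { ok: true, key: prefix + sub.toLowerCase(), value: valueName, data: data };
}

// writeFn stands in for the real registry call; it runs only after validation.
function applyChange(keyPath, valueName, data, writeFn) {
  var v = validateChange(keyPath, valueName, data);
  if (v.ok) { writeFn(v.key, v.value, v.data); }
  return v;
}
```

Running the script under a dedicated low-privilege account, as asked about above, complements this check: the key ACLs limit what the account can touch, and the allowlist limits what the script will ask for.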
