I am using perl on a windows 2003 server with IIS6. I have written a script that needs to access confidential files uploaded by the user. The files are stored in a folder in the cgi-bin. However, I do not want the files to be accessible via weblink. So, I have 'read access' for this particular folder disabled in IIS.
The files are not accessible via weblink, but I need for the user to be able to open the documents that he/she uploaded.
The users logins (usernames and passwords) are stored in the cgi-bin in a csv file.
I've searched the database but couldn't find anything exactly matching this situation.
Any ideas would be greatly appreciated!
Unless I've misunderstood your question, you're trying to limit user access at the application level, not the service level.
If you want users of your web app to be able to access files that they uploaded then your authorization check needs to be done in the application, as opposed to at the edge (by web server).
So every uploaded file is tagged with it's owner (a database record, or a per-owner directory) and access to files is restricted by a small bit of code that checks the authenticated user against the file owner.
The directory in which the files live is readable and writable by the web server user, as that's the user the perl will run as, but it is not configured into IIS as availble for regular HTTP GET access.
It is neither under the HTML document root, nor under the CGI-BIN directory. It is a completely separate directory.
Related
I have been doing some basic application access and privilege management.
And to fully understand the access permissions of UWP applications, I decided to create one on my own and check.
As given in MSDN, the app was able to access the files mentioned here.
Now, I know that UWPs run in a sandboxed environment and they aren't given full access to all files in the system.
But is there any way for the admin user to grant the application rights to access files in the drive, for instance, the system32 file or a random text file that the user saved in C drive?
Yes, your app can declare the "broadFileSystemAccess" capability and then it can access all files in the system that the user has access to, given the user provides consent to this capability.
See documentation here:
https://learn.microsoft.com/en-us/windows/uwp/files/file-access-permissions
In my Jenkins home dir I see these configs for all my users:
"c:\Program Files (x86)\Jenkins\users\someuser\config.xml"
What is this config? Looks like its caching their sessions or something? Do I need to backup these files? What woudl the impact be if the users folder got deleted?
I should add that Im using active directory for auth so these aren't internal jenkins users they are AD users. Which is why Im wondering what config jenkins is keeping for them
You should backup those indeed. These folders contain user-specific configuration data, like public keys or api access tokens (see user's "configure" menu in the Web interface).
I have a computer that is used for getting database information from the server in the same domain, and this computer is used by employees who don't have the server admin information.
When the computer restarts, I'd like it to automatically log in to Windows Server so that it can access the database files. Is it possible to write a script for this that runs on boot?
Thanks in advance
I solved this by adding the credentials to the Credentials Manager in Windows, along with disabling the Windows Server dashboard program. This makes Windows automatically log in to the server with the stored credentials on boot.
Since your question really isn't specific, I'd like to suggest two ways of accomplishing your goal.
Since you'd like to access database information, why not use some kind of database management software (like SSMS if you're using MSSQL) and set up proper permissions for the user/computer that will need to obtain information from that particular server/database.
If you need access to raw files (which doesn't make much sense in case of MSSQL for accessing purposes), why not set up proper permissions on the file or parent folder, giving the user that is logged to the client PC proper permissions to access the files that are of interest.
I had uploaded files mostly media files to Azure's File Storage, which I am able to see in Azure's Explorer as well. But when I view the file as anonymous user, I am not able to view the file. Tried to check with Permissions setting as well, but to no avail.
Any help would be welcomed :)
Azure files have Shared Access Signatures (SAS). This is a key that you compute with the storage account key, that gives access to a particular URL. Here is an example (storage account name is obfuscated here):
https://mystorageaccount.file.core.windows.net/sampleshare/2.png?sv=2015-04-05&sr=f&si=sampleread&sig=Zq%2BfflhhbAU4CkCuz9q%2BnUFEM%2Fsg2PbXe3L4MeCC9Bo%3D&sip=0.0.0.0-255.255.255.255
You have sample code on how to create a SAS with Azure files at https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-files/, ยง"Generate a shared access signature for a file or file share".
You can also do it interactively with a number of tools. For instance, CloudXPlorer has this feature.
I need to create a temporary folder that will be accessed from the application only.
It means that even current user and system administrator are not able to open it from the Explorer.
While application is running, there'll be some files put into it. Once it's terminated, folder and all its content are deleted (again programmatically, no manual delete ability).
P.S. I found few posts here but there are no proper solution given yet.
Thanks in advance.
Windows security does not work that way. You cannot restrict access by application, only by user. If you want only your app to have access to a given resource then you have to create a new user account, configure the resource to grant access to only that user, and then run your app using that user, or at least have your app impersonate that user when needed. Files/folders are securable objects, and Windows security is based on user accounts.