[isalist] RES:Re: Users using IE 7 can list all the content of an FTP Folder
- From: "Nivaldo Soraggi Fernandes \(ASABH\)" <nivaldo@xxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 27 Dec 2006 19:23:16 -0200
I have only my FTP log files, in the log I can see that first IE
tries to log with an anonymous user, than if it fails it asks for a
user, but this entry are logged even when I trie to access trough an IE
6.0. I have made tests with another IIS server (5.0) placed in another
enterprise that i work for, and I got the same result. I have tried
other forums and I found only one guy with the similar issue, but no one
knew how to help him.
I made another test changing the configuration of my FTP insteado of
isolate the user, i follow the default configuration, where i have to
manually specify where the folder of each users are. In this
configuration i have no troubles. The problem is that i host web pages
for a great number of clients, and the idea of configuring each FTP to
each website makes me nuts...heheh
_____
De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
Em nome de Jim Harrison
Enviada em: quarta-feira, 27 de dezembro de 2006 19:18
Para: isalist@xxxxxxxxxxxxx
Assunto: [SPAM] - [isalist] Re: Users using IE 7 can list all the
content of an FTP Folder - Email found in subject
Got captures?
If you can access & modify all folders within the FTP site from IE7 and
IE6 behaves differently, then it seems that you're authenticating
somewhere along the line.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Nivaldo Soraggi Fernandes (ASABH)
Sent: Wednesday, December 27, 2006 1:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Users using IE 7 can list all the content of an FTP
Folder
Importance: High
Hi guys, I know this isn't your focus, but I'm posting this question
here for two reasons, the first is because i Trust in your knowledge,
and the second because, maybe someone is having the same problem that
i'm having.
What is happening is that users tha have Internet Explorer 7.0 can
access all the contents of my FTP site. I have configured my FTP (IIS
6.0) to isolate users, so in that way if I enter my ftp website with the
user TESTE, the only content that i see is the content inside the folder
TESTE placed in my FTP Site. This functions perfectly in versions of IE
that are not the 7.0. In IE 7.0 when i access the site with the user
TESTE (ieg.) it returns to me all the folders in the root directory, and
worst, i can view and modify any file beneath the root folder.
Now can anyone tell me is that a serious flaw in IE?? in IIS?? Or I
am missconfiguring something (I allready checked all the security
configurations)
PS:. I'm not allowing anonymous access in FTP access.
Tks to all,
Nivaldo Soraggi Fernandes
MCP
70-290 - 70291
All mail to and from this domain is GFI-scanned.
Other related posts:
