[isalist] Users using IE 7 can list all the content of an FTP Folder

  • From: "Nivaldo Soraggi Fernandes \(ASABH\)" <nivaldo@xxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 27 Dec 2006 19:06:27 -0200

    Hi guys, I know this isn't your focus, but I'm posting this question
here for two reasons, the first is because i Trust in your knowledge,
and the second because, maybe someone is having the same problem that
i'm having. 
 
    What is happening is that users tha have Internet Explorer 7.0 can
access all the contents of my FTP site. I have configured my FTP (IIS
6.0) to isolate users, so in that way if I enter my ftp website with the
user TESTE, the only content that i see is the content inside the folder
TESTE placed in my FTP Site. This functions perfectly in versions of IE
that are not the 7.0. In IE 7.0 when i access the site with the user
TESTE (ieg.) it returns to me all the folders in the root directory, and
worst, i can view and modify any file beneath the root folder.
 
    Now can anyone tell me is that a serious flaw in IE?? in IIS?? Or I
am missconfiguring something (I allready checked all the security
configurations)
 
PS:. I'm not allowing anonymous access in FTP access.
 
Tks to all,
Nivaldo Soraggi Fernandes
MCP 
70-290 - 70291
 
 

Other related posts: