Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...CheckDiskAccess Hackers could access drives/folders outside the websiteCheckDiskAccess Hackers could access drives/folders outside the website
Previous
 
Next
New Post
6/13/2017 4:02 AM
 

DNN 9.1

Just trying to understand what this means and what the correct settings are. I run my DNN sites in their own app pools with what I thought were standard/required permissions. How do I change permissions to rectify this so my sites are locked down?

 

Thanks!

 
New Post
6/24/2017 8:51 PM
 
Did you ever get an answer to this?
 
New Post
6/26/2017 8:49 AM
 
What is exactly is this CheckDiskAccess issue?

More detail please.

"if the only tool you have is a hammer you tend to see every problem as a nail" http://www.carawaydesign.com
 
New Post
6/26/2017 9:48 AM
 
The problem is most likely that new users by default are members of the Windows USERS group, which in turn has these access rights. Not sure what is recommended best practices here though if you should remove the IIS users from the USERS group, might have other side effects.
 
New Post
6/30/2017 1:43 PM
 
The solution to this is to use a dedicated partition for your DNN instance. Then remove Users and Everyone from the root of that partition and set IIS Apppool identity to Modify permissions on the folder where your instance runs. That will make that warning go away. But there is more... there is a bug in the security analyzer https://github.com/DNNCommunity/Secur.... Timo and I ran several tests and it seems that even after implementing the above it does not secure everything. You must understand that a web server is not the place where you store confidential files at all. Bottom line is that even after extensive testing we (Timo and me) do not understand how it is still possible that with a specially crafted aspx page we were able to write files on almost any folder on that particular machine. Needless to say that the issue Timo and I found does not have anything to do with DNN. It is a .Net and IIS issue or maybe even a design issue in Windows Server. I don't know and I wish we could discuss this with some IIS, .net guru in a Skype meeting with all of us.

www.server-essentials.com is a community for IT Consultants and Business Owners who, themselves, take care of the IT infrastructure and Employees who do that little extra in the company to keep things running. Our forum is for discussing all things ‘IT’ and more. Our documentation is top notch and written by and for the community. Join now at https://www.server-essentials.com/secure-registration
 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...CheckDiskAccess Hackers could access drives/folders outside the websiteCheckDiskAccess Hackers could access drives/folders outside the website


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out