In preparation for moving our site, I've been learning the Persits utilities that are hosted on WinHost's servers. After some successful testing, I am converting our current ASP-based file upload code to Persits' ASPUpload methods. I have a couple of questions to help me complete this process. 1. In the Persits documentation (Chapter 10 - hosting issues), it is recommended that some capabilities be disabled "in a shared environment". However it is unclear as to whether this implies that, by default, all domains on a server can inject those processes into other domains. These functions do not appear to be disabled by default. Is this important? 2. We have a need to prevent general, browser-based access to some files. I have not yet found documentation on the ability to "password protect" specific folders. Is this possible, or is there an alternative that would provide a similar functionality?
I'm not sure what the Persits docs are implying, but you cannot run any process on another domain on the server (nor can they on yours). Check out the "Password protecting directories in IIS" Knowledge Base article for help with directory permissions.
Thanks for the answers and link. The Persits docs raised questions that implied that its functions may not be adequately "sand-boxed" on a shared server, thus certain capabilities may have to be disabled. I'll not worry about that at this point.
Well that's an interesting thing for them to say, considering they sold those components to shared hosts. But your site here is indeed isolated from the other sites on the server, so it shouldn't be an issue. I've not heard of a real-world Persits function exploit taking place, but I'll take a look around and see what I can find. Thanks.
