March 22nd, 2012, 10:44 AM
Giving Full Control to Network Shares
Trying to get a read on what others think of this...
We sell a Windows based CRM product and the maker of that product has come out with a Safari based app that allows access to the CRM data via iPhone/iPad. It uses IIS as the webserver and in order to make it operate correctly you have to either change the AppPool identity to a domain user that has full rights to the CRM app's share or change the share permissions to give full rights to the IIS machine account.
I personally don't think this is a great idea from a security perspective. Any thoughts?
March 30th, 2012, 03:53 AM
It depends on your application, but try to limit the users full access rights where is possible. By example if you need to save files/file uploads to some folder, change only that folder write permissions. The other files should have only read/execute permissions.