⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 manual_share.html

📁 aspupload
💻 HTML
字号:
🔍 
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Developer Studio">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="KEYWORDS" content="ASP UPLOAD ASPUPLOAD PWS BLOB Personal Web Server IIS Internet Information Server ASP UPLOADING UPLOAD DEC ALPHA AlphaServer AspUpload Persits Software Persits Web ASP Active Server Pages Active Server Component Upload browser TYPE=FILE TYPE FILE Windows NT Web ACL ACE Access Control List Directory Listing Export Attribute FILE FREE RFC ie3 ie4 posting acceptor posting acceptor RFC1867 RFC-1867 1867 Component ENCTYPE multipart/form-data multipart SA-FileUp ActiveFile Database Multiple software artisans activefile vbscript activex jscript netscape internet explorer download downloading unique form limit size">
<meta name="KEYWORDS" content="ASP, UPLOAD, ASPUPLOAD, PWS, BLOB, Personal Web Server, IIS, Internet Information Server, ASP, UPLOADING, UPLOAD, DEC, ALPHA, AlphaServer, AspUpload, Persits Software, Persits, Web, ASP, Active Server Pages, Active Server Component, Upload, browser, TYPE=FILE, TYPE, FILE, Windows, NT, Web, ACL, ACE, Access Control List, Directory, Listing, Export, Attribute, FILE, FREE, RFC, ie3, ie4, posting acceptor, posting, acceptor, RFC1867, RFC-1867, 1867, Component, ENCTYPE, multipart/form-data, multipart, SA-FileUp, ActiveFile, Database, Multiple, software, artisans, activefile, vbscript, activex, jscript, netscape, internet, explorer, download, downloading, unique, form, limit, size">
<meta name="DESCRIPTION" content="AspUpload.com - the home of the most advanced upload solution for a Windows NT/ASP-based Web environment">
<TITLE>AspUpload.com - User Manual. Chapter 10</TITLE>
</HEAD>
<BODY BACKGROUND="bk.gif" LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<BASEFONT FACE="Helvetica, Arial" SIZE=1>

<!-- Main Data table -->
<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="705">
<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="160">
<FONT FACE="arial narrow" Size=2>
<B>
	<IMG SRC="spacer.gif" BORDER="0" HEIGHT="15"><BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="index.html">Home</A>
	<BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="whatsnew.html">What's New</A>
	<P>
	<IMG SRC="sq.gif"><IMG SRC="square_pressed.gif"> <A HREF="manual.html">User Manual</A>
	<BR>

	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_intro.html">1. Introduction</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_simple.html">2. Simple Uploads</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_memory.html">3. Memory Uploads</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_db.html">4. Database</A><BR>	
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_progress.html">5. Progress Bar</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_security.html">6. Security</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_image.html">7. Images</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_unicode.html">8. Unicode</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_misc.html">9. Miscellaneous</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small_pressed.gif"> 10. Hosting Issues<BR>

	<P>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="objectreference.html">Object Reference</A>
	<BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="livedemo.html">Live Demos</A>
	<BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="support.html">Support</A>
	<P>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="xupload.html">XUpload</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="jupload.html">JUpload</A><BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="aspjpeg.html">AspJpeg</A><BR>
	<P>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="download.html">Download</A>
	<BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="purchase.html">Purchase</A>
	<P>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="clients.html">Clients</A>
	<BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="otherproducts.html">Other Products</A>
	<BR>
	<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="contact.html">Contact Us</A>


	<FORM TARGET="_new" ACTION="http://support.persits.com/emails/signup.asp">
	<FONT FACE="Arial Narrow" SIZE="2" COLOR="#9C3131"><IMG SRC="sq.gif"><B>Newsletter Signup</B></FONT><BR>
	<IMG SRC="sq.gif"><INPUT TYPE="TEXT" NAME="email" SIZE="15" VALUE="e-mail address"></FORM>
</B>
</FONT>
</TD>
<TD VALIGN=TOP WIDTH=545 ALIGN="LEFT">
<!-- Right Column with data -->
<IMG SRC="sq.gif"><BR>
<IMG SRC="manual.gif">
<BR>
<TABLE WIDTH=540 HEIGHT=2 CELLSPACING=0 CELLPADDING=0 BORDER=0>
<TD BGcolor="#FFCE00"><spacer type=block width=540 height=2></TD>
</TABLE>
<P>	
	<FONT SIZE=2 FACE=ARIAL COLOR="#000000">
	
	<A HREF="manual_misc.html"><IMG BORDER="0" SRC="previous.gif" ALIGN="RIGHT" ALT="Chapter 9: Miscellaneous Features"></A>
	
	
	<B><U><FONT SIZE="3" COLOR="#990000">Chapter 10. Using AspUpload in a Shared Environment</FONT></U></B>
	<P>
	
	<B><FONT COLOR="#0000A0">Disabling Potentially Dangerous Features</FONT></B>
	<BLOCKQUOTE>
	When AspUpload is used in a Web hosting environment, 
	the system administrator may choose to disable certain features of the 
	component that he/she deems potentially dangerous, 
	such as saving files in an arbitrary directory, manipulating ACLs, directory listing,
	file downloading, etc.  
	<P>
	The features are disabled by changing the corresponding values in the 
	system registry. To run Registry Editor, type <B>regedit</B> at the Start/Run prompt.
	<P>
	The registry values used to disable the "dangerous" features are located under the key
	<P>
	<B>HKEY_LOCAL_MACHINE\SOFTWARE\Persits Software\AspUpload3</B>
	<P>
	<IMG SRC="reg.gif">
	<P>
	By default, all the registry values under this key are set to 
	0 (enabled). Setting them to 1 (or any non-zero value) would disable the corresponding feature. 
	<P>
	The following table lists all AspUpload methods that can be disabled
	via registry settings, and corresponding registry values that disable them:
	<P>
	<TABLE WIDTH="400" BORDER="1" CELLPADDING="2" CELLSPACING="0" STYLE="font-family: arial; font-size: 8pt;">
	<TR>
		<TH BGCOLOR="#E0E0E0">Method(s)</TH>
		<TH BGCOLOR="#E0E0E0">Registry Value</TH>
		<TH BGCOLOR="#E0E0E0">Comments</TH>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.Save</B></TD>
		<TD VALIGN="TOP"><B>DisableSave</B></TD>
		<TD VALIGN="TOP">When this main method is disabled, users will be forced 
		to use the SaveVirtual method which accepts a virtual, 
		rather than physical, directory as an argument. 
		This way users will be confined to their own virtual 
		directory and subdirectories.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadedFile.SaveAs</B></TD>
		<TD VALIGN="TOP"><B>DisableFileSaveAs</B></TD>
		<TD VALIGN="TOP">When this method is disabled, users will be forced 
		to use the File.SaveAsVirtual method which accepts a virtual, 
		rather than physical, directory as an argument. 
		This way users will be confined to their own virtual 
		directory and subdirectories.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.LogonUser<BR>UploadManager.RevertToSelf</B></TD>
		<TD VALIGN="TOP"><B>DisableLogonUser</B></TD>
		<TD VALIGN="TOP">Disables user impersonation functionality.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadedFile.AllowAccess<BR>
			UploadedFile.DenyAccess<BR>
			UploadedFile.RevokeDenial<BR>
			UploadedFile.RevokeAllowance<BR>
			UploadedFile.SetOwner</B></TD>
		<TD VALIGN="TOP"><B>DisableACL</B></TD>
		<TD VALIGN="TOP">Disables permission manipulation functionality.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.CopyFile<BR>
			UploadedFile.Copy </B></TD>
		<TD VALIGN="TOP"><B>DisableFileCopy</B></TD>
		<TD VALIGN="TOP">When these methods are disabled, 
		the users will be forced to use UploadedFile.CopyVirtual.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.RegisterServer</B></TD>
		<TD VALIGN="TOP"><B>DisableRegisterServer</B></TD>
		<TD VALIGN="TOP">Disables ActiveX registration functionality.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.RemoveDirectory</B></TD>
		<TD VALIGN="TOP"><B>DisableRemoveDirectory</B></TD>
		<TD VALIGN="TOP">Disables directory removal functionality.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.DeleteFile</B></TD>
		<TD VALIGN="TOP"><B>DisableFileDelete </B></TD>
		<TD VALIGN="TOP">Disables file deletion functionality. UploadedFile.Delete is not
		affected by this setting, however. If Upload.OpenFile is also
		disabled, a user will only be able to delete newly uploaded files.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.SendBinary</B></TD>
		<TD VALIGN="TOP"><B>DisableSendBinary</B></TD>
		<TD VALIGN="TOP">Disables file download functionality.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.Directory</B></TD>
		<TD VALIGN="TOP"><B>DisableDirectoryListing</B></TD>
		<TD VALIGN="TOP">Disables directory listing functionality.
		</TD>
	</TR>

	<TR>
		<TD VALIGN="TOP"><B>UploadManager.OpenFile</B></TD>
		<TD VALIGN="TOP"><B>DisableOpenFile</B></TD>
		<TD VALIGN="TOP">With OpenFile, an UploadedFile
		object can be created from an arbitrary 
		file on the hard drive, and methods such as File.Delete
		can be called. Disabling this method
		limits a user to newly uploaded files only.
		</TD>
	</TR>
	</TABLE>


	</BLOCKQUOTE>
	<B><FONT COLOR="#0000A0">Review of Most Risky Features</FONT></B>
	<BLOCKQUOTE>

	Some of AspUpload's "risky" features are more dangerous than others. Among the most dangerous are:
	<P>
	<UL>
	<LI><B>ActiveX registration</B>. Using this feature, a malicious user can
	place a trojan-horse ActiveX DLL on the server, register and invoke it 
	with simple ASP script.

	<LI><B>Directory Listing</B>. This feature allows users to browser around the
	entire web server's hard drive and download any files.

	<LI><B>Account impersonation</B>.

	<LI><B>File deletion and directory removal</B>.
	</UL>
	<P>
	After installing AspUpload on a shared Web server, it is recommended that 
	most or all of the potentially dangerous features be disabled, or at least some
	of the code samples be deleted from the installation directory. This includes:
	<P>
	<B>\Samples\09_misc\DirectoryListing.asp</B><BR>
	<B>\Samples\09_misc\Download.asp</B><BR>
	<B>\Samples\09_misc\DeleteFiles.asp</B><BR>


	


	<P>
	<A HREF="manual_misc.html"><IMG BORDER="0" SRC="previous.gif" ALIGN="RIGHT" ALT="Chapter 9: Miscellaneous Features"></A>

	<P>&nbsp;
	</BLOCKQUOTE>
	
	


	</FONT>
	<P>
	<TABLE WIDTH=540 HEIGHT=2 CELLSPACING=0 CELLPADDING=0 BORDER=0>
	<TD BGcolor="#FFCE00"><spacer type=block width=540 height=2></TD>
	</TABLE>
	<P>
	<CENTER>
	<A HREF="index.html"><IMG SRC="logo_small.gif" BORDER=0></A>
	<BR>
	<FONT Face=arial size=1>
	Copyright &copy; 1998 - 2001 <A HREF="http://www.persits.com">Persits Software, Inc.</A><BR>
	All Rights Reserved<BR>
	AspUpload&reg; is a registered trademark of Persits Software, Inc.<BR>
	Questions? Comments? <A HREF="MAILTO:info@aspupload.com">Write us!</A>
	</CENTER>

</TD>
</TABLE>

</BASEFONT>
</BODY>
</HTML>

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -