The following values are used for user access permissions, which are
assigned to the client session. The server application can change these
permissions either by calling the Authenticate method or by setting the
ClientAccess property. These permissions are also assigned to virtual
users using the AddUser method.

| Value | Description |
| --- | --- |
| httpAccessRead | The client can download files and retrieve other resources using the GET command. This permission also allows the client to obtain information about a specific resource using the HEAD command. The resource that the client is attempting to retrieve must also have read permission, otherwise the command will fail. |
| httpAccessWrite | The client can modify existing files or create new files using the PUT command. The directory where the client is attempting to create or modify the file must also have write permission, otherwise the command will fail. This permission is not granted by default to clients if the server is started in restricted mode. This permission is ignored if the server is started in read-only mode. |
| httpAccessExecute | The client can execute scripts and CGI programs. If this permission is not granted to the client, it will be unable to use the GET, HEAD or POST commands if the resource is a program or script registered with the server. This permission is not granted by default to clients if the server is started in restricted mode. |
| httpAccessList | If the client issues a GET command and the resource specifies a directory, this permission allows the server to return a list of files to the client if a default index file cannot be found. If this permission is not granted to the client, the directory must contain a default index file, otherwise the server will return an error. This permission is ignored if the server is started in restricted mode. |
| httpAccessRestricted (&H100000) | The client is restricted to accessing documents using the GET and HEAD commands, and those documents must be located in the root directory for the virtual host or in a subdirectory. The client cannot execute scripts, submit data to the server using the POST command or upload files using the PUT command. |
| httpAccessDefault (&H800000) | This value specifies that the default permissions should be granted to the client session. If the server is in restricted mode, the client will only be able to use the GET and HEAD commands to retrieve documents. If the server is not in restricted mode, the client can use all valid HTTP commands. These are the recommended access permissions for most clients. |

The following values are used for file access permissions, which are
assigned to files and directories using the AddPath method.

| Value | Description |
| --- | --- |
| httpAccessRead | If the virtual path specifies a file, the client can use the GET command to retrieve the contents of the file and the HEAD command will return information about the file. If the virtual path specifies a directory, the client can use the GET command to retrieve the index file for that directory. If the file or directory does not have this permission, the server will return an error to the client. |
| httpAccessWrite | If the virtual path specifies a file, the client can modify the contents of the file using the PUT command. If the path specifies a directory, the client can use the PUT command to create a new file or replace an existing file in the directory. |
| httpAccessExecute | If the virtual path specifies a script, the client can execute the script using either the GET or POST commands. If the path specifies a directory, then all scripts in that directory can be executed. |
| httpAccessList | If the virtual path specifies a directory, and there is no default index file present, the server will return a list of files in that directory to the client. If this permission is not specified, the server will return an error if the directory does not have a default index file. It is recommended that you do not specify this permission when assigning the httpAccessExecute permission to a directory. |
| httpAccessRestricted (&H100000) | Access to the file or directory should be restricted to using the GET command to retrieve documents. This is effectively the same as only specifying httpAccessRead as the file access permissions. If this permission is combined with any permission other than httpAccessRead, those permissions will be ignored. |
| httpAccessProtected (&H200000) | Access to the file or directory is protected by a username and password. Clients should only be permitted to access the resource if they provide valid user credentials to the server. If this permission is assigned to a virtual path, the default command handlers will require the client to authenticate itself to permit access to the resource. The server application is responsible for authenticating the session. |
| httpAccessDefault (&H800000) | This value specifies that the default access permissions should be granted to the file or directory. If the virtual path specifies a file, the client can use the GET command to return the contents. If the path specifies a directory, the client can use the GET command to return the index file or a list of files in the directory. If the server is in restricted mode, it will return an error if a directory does not have an index page. |

Remarks
When a client establishes a connection to the server,
it is granted a default set of user access permissions based on the initial
configuration of the server. By default, the client is granted all
permissions, which means the client may use any valid HTTP command. If
the server is started in restricted mode, then the client is only granted
permission to read files. This means that restricted mode clients cannot
obtain directory listings of files, nor can they create files or execute
CGI programs. The user access permissions define the types of HTTP commands
that the client is permitted to use. However, server options and individual
permissions on specific files and directories can further limit what
actions the client can take.
When these permissions are used in the context of file access, they
can restrict the actions that any client can take, regardless of the
user permissions assigned to the client session. For example, a client
session may have the httpAccessWrite permission, which allows the
use of the PUT command. However, unless the folder that they are
attempting to create the file in also has httpAccessWrite permission,
the PUT command will fail.
For security reasons, when the server is started, regular files only have
the httpAccessRead permission and directories only have the
httpAccessRead
and httpAccessList permissions assigned to them. If you wish to allow
clients to upload files to your server, or execute scripts stored in a
directory, then you must create a virtual path to a physical directory and assign
it the appropriate permissions. In both cases, best practices dictate that
the physical directory should be located outside of the root directory of
the server.
If you assign the httpAccessExecute permission to a virtual
directory to allow clients to execute scripts using the GET or POST commands,
you should make sure that clients cannot list, create or modify files in
that directory. The scripts in that directory must have a registered
handler, created using the RegisterHandler method. It is
not necessary to create a virtual path to a CGI program registered
using the RegisterProgram method because execute
permission for that program is granted by default.
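
The recommendations in the two paragraphs above (keep upload and script directories outside the server root, and never let an executable directory be listed or written to) can be checked against a planned set of virtual paths before they are registered. The following Python check is an added example, not part of the SocketTools documentation or API; the bit values for the first four flags, the sample paths and the `audit_paths` name are assumptions made for illustration.

```python
from enum import IntFlag
from pathlib import PureWindowsPath


class Access(IntFlag):
    # The page gives no numeric values for these four flags; placeholder bits.
    READ = 0x1
    WRITE = 0x2
    EXECUTE = 0x4
    LIST = 0x8
    RESTRICTED = 0x100000  # value taken from the page


# Constructed sample: (virtual path, physical directory, file access flags).
SAMPLE = [
    ("/uploads", r"D:\data\uploads", Access.READ | Access.WRITE),
    ("/cgi", r"C:\www\root\cgi", Access.READ | Access.EXECUTE | Access.LIST),
    ("/tools", r"D:\data\tools", Access.EXECUTE | Access.WRITE),
    ("/docs", r"C:\www\root\docs", Access.RESTRICTED | Access.WRITE),
]


def audit_paths(server_root, paths):
    """Return (virtual_path, finding) pairs for risky permission assignments."""
    root = PureWindowsPath(server_root)
    findings = []
    for vpath, physical, access in paths:
        if Access.RESTRICTED in access:
            # Per the page, flags other than Read are ignored with Restricted.
            if access & (Access.WRITE | Access.EXECUTE | Access.LIST):
                findings.append((vpath, "flags combined with Restricted are ignored"))
            access &= Access.READ
        phys = PureWindowsPath(physical)
        # True when the physical directory is the root or lies beneath it.
        inside_root = root in (phys, *phys.parents)
        if Access.EXECUTE in access and Access.LIST in access:
            findings.append((vpath, "execute directory allows listing"))
        if Access.EXECUTE in access and Access.WRITE in access:
            findings.append((vpath, "execute directory is writable"))
        if access & (Access.WRITE | Access.EXECUTE) and inside_root:
            findings.append((vpath, "upload/script directory is inside the server root"))
    return findings


if __name__ == "__main__":
    for vpath, finding in audit_paths(r"C:\www\root", SAMPLE):
        print(f"{vpath}: {finding}")
```

The containment test compares path components only, so physical directories should be supplied as absolute, already-resolved paths.
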
If you assign the httpAccessRestricted permission to a session
by setting
the ClientAccess property, the server will impose significant
limitations on the client. This permission provides a high level of
security, ensuring that the client cannot access any other documents
outside of the server root directory; however, it also prevents the client
from executing scripts or submitting data. If the website depends on server-side
scripts and the use of CGI programs, assigning this permission may effectively
disable use of the site for that client session.
See Also
ClientAccess Property,
AddPath Method,
AddUser Method,
Authenticate Method