[WEB4LIB] Blocking access to C: drive from browsers
James Klock
j-klock at evanston.lib.il.us
Tue Mar 9 10:06:38 EST 1999
>Regardless of what front end security is setup, once any Internet brow
>ser is opened, they simply type 'C:' into the URL box and 'viola' instant
>access to hard drive (or any other network drive they chose to substitute
for >the above.
First off, if you use a respectable multiuser operating system (Windows NT
counts, if you're leery of linux and other unix varients) you can quickly
and easily prevent users from even seeing most important files, regardless
of how they get to them, just by using the built-in security features.
That said, even if you stick to Windows 9x, entering file://c:/ on the URL
line (in Navigator, at least, IE may handle this differently) will only
open a directory of files. If you've carefully set your browser
preferences to save applications and scripts (exe, com, bat, cmd, and the
like), users will be unable to use the browser to launch any applications.
Personally, I'll stick with using Windows NT.
James
More information about the Web4lib
mailing list