CGI and COM

Thu Feb 24 19:20:14 EST 2000

In NT at least, for cgi (not ASP) the IIS account is derived from the
system account.

I would spawn another process, use the reverttoself win32 call to revert
that process back to the system account and then become whomever you
want to do whatever you want (there are some limitations because the
system account is a local account).

If you look in the overviews section in win32 help for python, if you
have a recent enough version, it will describe more details regarding
impersonation. Maybe you can adapt that to win2000.

Otherwise, an easier thing would be to setup a role in MTS/COM+ to allow
access to a COM component which runs as administrator.

I wouldn't want a guest login to directly be run as administrator.

john

In article <000801bf7ec0$9da94500$d300a8c0 at Alexis>,
  =?iso-8859-1?Q?Ulf_Engstr=F6m?= <ulf.engstrom at b2b-link.com> wrote:
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0005_01BF7EC8.FF2A8980
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> I've just started with some COM-programming with the win32com package,
=
> and I get the part I want to working correctly when I run it in IDLE
or =
> in any way, except that I know want it to be done from a CGI-script. =
> (I'm writing params to a program with COM)
> I know this raises some security issues when run as CGI, but is there
a =
> way do overrun this? I'm running W2k with IIS5. I tried to set guest =
> login to use Administrator, this made the script take forever, but
still =
> came out negative.
> Some other way?
> Regards
> Ulf (Alexis)
>
> ------=_NextPart_000_0005_01BF7EC8.FF2A8980
> Content-Type: text/html;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META content=3D"text/html; charset=3Diso-8859-1" =
> http-equiv=3DContent-Type>
> <META content=3D"MSHTML 5.00.2919.5500" name=3DGENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=3D#ffffff>
> <DIV><FONT face=3DArial size=3D2>I've just started with some =
> COM-programming with=20
> the win32com package, and I get the part I want to working correctly =
> when I run=20
> it in IDLE or in any way, except that I know want it to be done =
> from a=20
> CGI-script. (I'm writing params to a program with COM)</FONT></DIV>
> <DIV><FONT face=3DArial size=3D2>I know this raises some security
=
> issues when=20
> run as CGI, but is there a way do overrun this? I'm running W2k with =
> IIS5. I=20
> tried to set guest login to use Administrator, this made the script
take =
>
> forever, but still came out negative.</FONT></DIV>
> <DIV><FONT face=3DArial size=3D2>Some other way?</FONT></DIV>
> <DIV><FONT face=3DArial size=3D2>Regards</FONT></DIV>
> <DIV><FONT face=3DArial size=3D2>Ulf
(Alexis)</FONT></DIV></BODY></HTML>
>
> ------=_NextPart_000_0005_01BF7EC8.FF2A8980--
>
>

--
nielsenjf at my-Deja.com

Sent via Deja.com http://www.deja.com/
Before you buy.