Published: 2004-06-10
Applies to: Content Studio ver. 4.x - 5.x
Type: How to
More information
All objects in the Content Studio document system (i.e. Site root, units, categories
and documents) has its corresponding folder or file in the underlying file system.
A request from the Internet typically goes to the main default.asp file and then
is redirected to the file that represents the requested document/documents in the
file system without reading any content from the database. The database only does
a lookup on the requested documentid (as found in the id parameter in the querystring)
and translates it into physical file name. During the lookup the caller's permission
is checked and if the BROWSE permission is not found Content Studio denies the request
and refuses to return any file name. To bypass this security check it would be possible
for a caller to make a request for the file directly. This is virtually impossible
since the file name consists of a GUID + the original file extension and there is
no possibility to guess or try to find the GUID that represents the file using brute
force. In addition Content Studio also adjusts the DACL of any underlying object
where the BROWSE permission is granted or denied. The browse permission in Content
Studio is translated into the READ/EXECUTE permission in the file system. This has
the consequense that no trustee besides the CS_Runtime account has any permissions
higher than this. One exception is the Administrator group which is given the WRITE
DACL permission in addition to the READ/EXECUTE permission. This makes i possible
for an administrator to make changes in the file system by first granting themselves
the permission needed before doing their work. There is normally no need to do this
except when running the installation program and therefor the administrators alias
is given the MODIFY permission on the site root in order to be able to update the
site root files such as default.asp and global.asa. The other permissions in Content
Studio is not stored in the file system since all work besides reading is done by
the CS_Runtime account. Documents and folders are created, updated and deleted exclusively
by this account. This also has the effect that all these objects are owned by this
account unless CS_Runtime is a member of the local administrators group which is
something that you should avoid by any means.