Securing a Non-Business Desk Application

When you unpack a non-Business Desk application, if you use an Unpack.vbs script file that you created, you must delete or secure the file immediately after unpacking. The file exists in the root directory, and can be accessed by anonymous users. Unauthorized use of this script could lead to denial of service or the breaking of site settings.

The Unpack.vbs file does need to be present if you repackage the site.

Commerce Server Site Packager does not affect Windows access control lists (ACLs).

After you unpack a site, you should lock down some of the files and folders on your Commerce Server site by changing permissions on them. You can also limit access to files by setting Web server permissions. For more information, see How Web Server Permissions Are Set.

In the Commerce Server Solution Sites, the Unpack.vbs file is secured by default.

Copyright © 2005 Microsoft Corporation.
All rights reserved.