Hi, I'm looking for security holes in my code and would like any suggestions. My intranet site runs PHP on IIS6 and grants permissions by domain accounts. The permissions are open on all PHP files except the one that I use in an include.
This is the method I use to check permissions in PHP, and I would like to know if I'm missing any obvious (or even not-so-obvious) security holes.
A file called managertest.php is assigned NT permissions so that only managers can access it. Any script that needs to know whether a person is a manager runs this:

$management = 'No';          // default: deny until proven otherwise
include 'managertest.php';   // ACL-restricted file; sets $management = 'Yes' when readable

managertest.php returns the variable $management = 'Yes'.
Since managertest.php is only accessible to those in the correct NT group, this checks their permissions.
So, is this method safe? Is there a better way?
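A fail-closed version of the same design, added here as an example and not taken from the poster's code. It keeps the idea of an include file that only the managers' NT group can read, but decides on the value the include expression returns rather than on a global that the guard file may or may not have set, and denies with a 403 on every failure path. Only the filename managertest.php is from the post; the function names, the log message and the use of the IIS AUTH_USER server variable are assumptions for illustration. Note that the whole approach, in the original and in this version, only means something if PHP opens the guard file under the requesting user's account; whether it does is a property of the IIS/PHP configuration (impersonation), not of this code.

```php
<?php
// Added example, not the poster's code. Same design as the post (a guard file
// whose NT ACL only managers can read), but the caller fails closed.
// Only the filename managertest.php comes from the post; everything else is
// assumed for illustration.

/*
 * Contents of the ACL-protected guard file managertest.php. A bare return
 * statement makes the include expression itself evaluate to true, so the
 * caller does not depend on a global variable being overwritten:
 *
 *     <?php
 *     return true;
 */

/**
 * True only when the guard file was readable under the current request's
 * identity AND returned exactly true. A missing or unreadable file makes
 * include return false (its warning is suppressed here), and a file that
 * returns anything else fails the strict comparison, so every failure path
 * ends in "not a manager".
 */
function isManager()
{
    $result = @include 'managertest.php';
    return $result === true;
}

/**
 * Deny helper: stop the script with a 403 so later code cannot run in a
 * half-initialised state, and record who was refused for later review.
 */
function requireManager()
{
    if (isManager()) {
        return;
    }
    // AUTH_USER is the IIS server variable holding the authenticated domain
    // account (assumed available; falls back to 'anonymous' if it is not set).
    $who = isset($_SERVER['AUTH_USER']) ? $_SERVER['AUTH_USER'] : 'anonymous';
    error_log("manager check failed for {$who}");
    header('HTTP/1.1 403 Forbidden');
    exit('Forbidden');
}

// Usage at the top of any page that must be restricted to managers:
requireManager();
// ... manager-only content follows ...
```

The strict `=== true` comparison matters: a plain `include` of a file without a return statement evaluates to 1, and a failed include evaluates to false, so a loose check could pass on an unrelated file with the same name. Logging the refused account gives you something to review if the ACL is ever loosened by mistake.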