This section will be of particular interest to those, such as Internet Service Providers (ISP), who host web sites.
SA-FileUp is licensed on a per-server basis. There are no per-user, per-processor or per-concurrent upload license costs. If the ISP is hosting multiple sites or clients on a single server, every site or client on that server can create an instance ofSA-FileUp and start performing uploads.If a single customer purchases
SA-FileUp and wants the ISP to install it on their server, it will automatically be available to all customers on that same server. You can limit usage to only a single customer.When a customer is interested in
SA-FileUp, many ISPs elect to purchaseSA-FileUp on their behalf. There are several reasons for this:
- The ISP is directly supported by Software Artisans, Inc. rather than passing through the intermediary of their customer.
- The upload and secure download features of
SA-FileUp are additional features that can be offered by the ISP to prospective customers.- The price is reasonable.
An ISP customer cannot install
SA-FileUp without the assistance of the ISP. Even if your customer transfers the SAFILEUP.DLL to your server, it still requires administrator access to register the DLL in the system registry. This is step 2 of the installation procedure.
As mentioned previously, by default
SA-FileUp will be available to all customers hosted on your web site. With IIS 4 or later, it is possible to finely tune security settings on a per-virtual server or per-site basis. If you want to restrict usage ofSA-FileUp to particular virtual servers or sites, you must use IIS 4 or later. The procedure is as follows:
- Create a specific NT account with "log on locally" rights.
- Using the IIS 4 or later Microsoft Management Console, set the anonymous user for the chosen site to be the newly created account.
- Ensure that the NTFS permissions on SAFILEUP.DLL allow access by the newly created account only, and not IUSR_MachineName. This will prevent other users from creating an instance of
SA-FileUp .
For maximum security, it would be prudent to occasionally audit your customer's ASP code. In particular, you should verify:
- That the destinations of the uploads are in appropriate directories.
- That an instance of
SA-FileUp is not created as an ASP Application variable. Creating an instance ofSA-FileUp as an Application variable is a security risk.
It is possible to disable certain features of
SA-FileUp via Registry settings. Of particular importance is the ability to restrict uploads to virtual directories.
| Previous Page | Next Page |