Alpha Video Training
Results 1 to 4 of 4

Thread: Aliases - Confussed...Creation...Shares

  1. #1
    Member
    Real Name
    Joe
    Join Date
    Mar 2009
    Location
    NY
    Posts
    509

    Default Aliases - Confussed...Creation...Shares

    Hi Guys...

    I'm very confused by Aliases and I'm over thinking it...I think. I understand their use but the setup has me lost. BTW...I'm trying to create a web app but it only works locally.

    The examples I've read either point to a local file C:\mydata or UNC \\server\mydata

    If the data is local to the Application server I would think you would only specify the local path for the data folder. ex. D:\mydata or in my case D:\alpha data\arcapp

    When and why would I ever want to use a UNC? Why would I expose those data files to the users on the network? If it has to be a UNC then what is the minimum share and folder level permissions needed? Yes, I could encrypt the data files but why even let the users know what is out there.

    Joe

  2. #2
    Volunteer Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,842

    Default Re: Aliases - Confussed...Creation...Shares

    Correct, you only need a UNC if your data is on the network, but not on the server that hosts your pages, like //otherserver/share/path

    Also, if you are INSIDE of your firewall and want to run the web app, your Alias can be a normal path or UNC, but the URL to get to your web app would take the form of the UNC. (That is, http://www.domain.com... would not work from inside the firewall).
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  3. #3
    "Certified" Alphaholic
    Real Name
    Andrew Schone
    Join Date
    Dec 2005
    Location
    Kansas
    Posts
    1,047

    Default Re: Aliases - Confussed...Creation...Shares

    Due to security concerns it may at times be advisable to store data on a machine separate from the application hosting machine. The data would only be "exposed" the network users if your network was configured to allowed it. You protect the data by segmenting the network, share permissions and NTFS permissions.

    For minimum share and folder level permissions this would depend on what you need to do with the data. In cases like these there are no good answers that can be given without knowing the full scope of the application.

    I do not run the AppServer I only work in the desktop side. My theory is that all data access across the UNC will be done with the credentials of the account running the App Server process. You can determine the account name by looking at the User Name column of Task Manager for the App Server process.

    To determine minimum access first remove all share level access and all of the NTFS level access to the data. Both lists will be empty at this point. Next using the built in Windows functions enable auditing for data access, both success and failure. http://support.microsoft.com/kb/310399. Then run your application, of course your app will generate errors on data access. Now is also a good time to code traps for the errors, in case your network goes offline during normal production times. Scan your security logs for the audit entries, then granularly give permissions to the accounts that are shown in the audit logs. Ideally the only account that needs access will be the account running the App server. Retest your app and rescan the logs until you no longer get access failures from the normal operation of the application.

    Once your done the only accounts listed in the share permissions and the NTFS permissions are the ones needing access, all other accounts listings are removed. To backup data, make sure the account that is running your backups is a member of the backup operators group.

    It is possible to use a URL like www.somedomain.com and have it point to an internal machine. This can be with an internal DNS server. You should not use not use an external DNS server to resolve an internal hostname.

  4. #4
    Member
    Real Name
    Joe
    Join Date
    Mar 2009
    Location
    NY
    Posts
    509

    Default Re: Aliases - Confussed...Creation...Shares

    Thanks for the thorough replies. If only the App Server is connecting to the data then this is pretty easy to lock down. I can easily move the data to my HP/Lefthand SAN which is on its own V-Lan. I wasn't sure if it needs to be a network share for it to work within the browser. I've never developed anything before so sometimes reading, doing, and what I know add up to a lot of questions.

    Thx.
    Joe

Similar Threads

  1. Aliases
    By Garry Flanigan in forum Alpha Five Version 8
    Replies: 1
    Last Post: 06-25-2007, 07:28 AM
  2. using aliases
    By Corinne Hoyman in forum Alpha Five Version 6
    Replies: 6
    Last Post: 10-13-2006, 05:37 PM
  3. Using Aliases
    By Howard G. Cornett in forum Web Application Server v6
    Replies: 3
    Last Post: 10-03-2005, 05:04 PM
  4. System Aliases vs Profile Aliases
    By Bob Moore in forum Web Application Server v6
    Replies: 6
    Last Post: 06-28-2005, 08:37 PM
  5. Aliases
    By Tom Henkel in forum Alpha Five Version 5
    Replies: 6
    Last Post: 08-02-2004, 06:38 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •