I'm adding a new feature request, since the last feature
was closed.
Since the product now supports relative paths, please
add a web.config file to the XmlFileStorage subdir that
prohibits access to the contents of the directory via
HTTP.
I started working on this when I realized it protects the file
already. You don't have to configure the XmlDataStore
directory to be writable in IIS. You only have to give
Modify/Change permission to the ASPNET account (or
whatever account you use for ASP.NET applications) on the
file system. The code that handles the XML data store
doesn't use HTTP to make modifications, it uses the file
system.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Logged In: YES
user_id=798378
I started working on this when I realized it protects the file
already. You don't have to configure the XmlDataStore
directory to be writable in IIS. You only have to give
Modify/Change permission to the ASPNET account (or
whatever account you use for ASP.NET applications) on the
file system. The code that handles the XML data store
doesn't use HTTP to make modifications, it uses the file
system.