I currently have a PHP site running on an IIS7.5 server.
I use the built url rewriting tool for IIS in the web.config.
My CMS admin has the ability to allow the user to write their own rewrite. So my admin tool, written in PHP needs write modify permissions for the IUSER in order for PHP to modify the file. However I figured that was probably not good practice for security so I decided to move the rewrites into a rewrite.config file that the web.config references. I then give write/modify permissions to the rewrite file and not the web.config.
The only problem is that IIS caches the external rewrite file and won't reload it unless the web.config's last modified date is cached. I can manually force the server to reload my rewrite.config file by opening the web.config in a text editor, adding a space or something and then clicking save, the server then notices the last modified date has changed and then reloads the rewrite file with the new rewrite.
I can't continue to do this forever though, I need my admin tool to allow users to add their own rewrites without having to call me to make a change in the web.config before their rewrites take effect.
I learned that I can call the touch function in PHP on the web.config file and that solves my problem, because it changes the last modified date on the web.config file. However in order for touch to work PHP needs the IUSER to have write permissions to do so but not modify permissions.
So finally my question is... security wise, is it okay to leave the web.config with IUSER permissions to read and write but not modify? Or is that still a security issue.
If so, what vulnerablities am I creating for this site? And, how can I change my approach to not open myself up to these vulnerablities?
