The risk of granting to IUSR* NTFS permissions on a folder on the server

I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot".

The file cannot be accessed freely from outside, so it is in a folder out of "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (is the user that runs IIS in anonymous re开发者_JAVA技巧quests) in that folder. The folder has only that file, and has no other use.

It works so far :)

But, what is the risk? what should I be afraid of?

As I see it, as long the folder is out of the "InetPub" cannot be accessed, and as long the apps don't have any security flaw like "path traversal" or server side code injection, it should be safe enough.... But I'm always keen to be wrong :)

What do you think? May the file or even the server itself get compromised because of this?

Thanks.

As long as the folder does not have any other files/folders, there will not be any negative/downside to this.

If you want to tighten security even more, you can give allow permissions on the file alone and not the containing folder.