Ah..my fault..I should have explained better. Yes, the write permissions are via explorer. Not in IIS. So if I'm understanding you correctly...there shouldn't be any security concerns about setting a file to have write by anonymous via explorer? As long as IIS is set to read (which it is) it is safe? Why is my sys admin throwing such a fit? How can I explain to him how secure this is or am I missing something? Angie
>>> ""Crash" Dummy" <[EMAIL PROTECTED]> 02/07/02 12:26PM >>> Let me clarify. You do need write permission set for the anonymous user in NTFS, as set with Explorer, but not for the server service, as set with the IIS MMC. This allows scripts to write but does not allow direct access by the anonymous user or guest accounts. Guest accounts are not required. Filtering is controlled by the script. Direct access by the anonymous user can be set to read only, using IIS, to allow retrieval by the client, or blocked completely, if you prefer. -- Dave "Crash" Dummy Certified Dilettante [EMAIL PROTECTED] http://lists.gpick.com -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
