>>What are the dangers involved in giving the IUSER account write and modify privileges?
>>
>>Probably a real noob question... but I have always wondered about this, and have never seen a good answer for it.
>>
>>John
>
>Wow same answer I found when I googled it <g>
>
>(i.e. none)
>
>It sounds like a horrible idea... but so far I haven't found an explanation of what the real ramifications are.
It's complicated ;-) Usually, if you need your web app to run with more permissions, you should create a new user and assign it permission, then change IIS to run under that user ID. I can't do the subject justice here, but here are some links that at least go into the various security modes available, how things work, etc. There is a ton of info available on David Wang's blog.
http://blogs.msdn.com/david.wanghttp://www.eggheadcafe.com/articles/20050703.asphttp://support.microsoft.com/default.aspx?scid=kb;en-us;317012http://west-wind.com/weblog/posts/2153.aspx#2160The issue is that if you give write/modify access to IUSR, then anyone accessing the effectively has those same permissions. If they can compromise your site (eg. upload a file and get it executed), it will happen under that account. There are ways of temporarily impersonating other users, putting special permissions on some folders that only admins have access to (via NT authentication), etc. that can help reduce the changes things can be compromised.