Hello,
I have a web with Anonymous Authentication enabled. Basic and Windows Authentication ar not enabled.
Now I would like to allow upload to a folder (pdf), but only when users have an local IP address. (Internet should only read the content of the pdf folder, the local users should be able to read and write/upload).
For the local users I created a ASP upload form and I inserted a check for the IP address in the upload form. This works very good with classic ASP.
Now I changed the Security of the pdf folder for the IUSR user from read only to Modify and the upload form works fine.
Q: Would this be a security problem? Can anybody upload via port 80 scripts to this folder and executes this? Maybe with Telnet? Thanks for any thoughts ...