I want my site users to upload their images into upload folder inside my site.</o:p>
Is it ok and safe (in security wise) to give a read, write access to anonymous in order to upload images.</o:p>
I'm using more than one upload folder, </o:p>
One for news another fore article, etc...</o:p>
</o:p>
What is the best practice in such case?

It can or cannot be safe depending upon how you code your application. Just setting the permissions will not result in an exploit. Though this in combination with a vulnerability in your application could yield an exploit.



Joel Thoms
DiscountASP.NET
http://www.DiscountASP.NET

This can be dangerous if you allow people to upload unrestricted file type to your site.

For example, i can upload an ASP file to your site that delete all files on your site. On the other hand, if you only allow them to upload .jpg file to your site, that would not cause much harm.

Bruce

DiscountASP.NET
www.DiscountASP.NET (http://www.DiscountASP.NET)

Thanks,http://community.discountasp.net/emoticons/smile.gif
In FrontPage I foundan option where I can remove select from option "Allow script to be run".</o:p>
I do not know if this option will stop running any harm coding in asp, JavaScript or any other type of scripts.</o:p>
</o:p>

that'll work!

Bruce

DiscountASP.NET
www.DiscountASP.NET (http://www.DiscountASP.NET)