We really could use more detail about what you are saying/asking here. What version of IIS are you talking about? Also, what read/write permissions are you talking about? Do you mean the settings in IIS or the actual NTFS permissions?
One caution--allowing WebDAV access to your website and giving the anonymous user write or even read permissions can be very dangerous. Mark Burnett On Tue, 13 Dec 2005 14:42:17 +0200, Ömer Faruk Özer wrote: > Hi, > > "Script source access" permission in IIS allows users to see source > code of scripts. This is achieved by sending "translate: f" WebDAV > header after GET method. > > Here is an example you can try with telnet: > > GET /login.asp HTTP/1.0 > translate: f > > > If following conditions are met you should see the source code of > the script instead of its processed output. > > 1. WebDAV must be enabled. Because translate: f is a WebDAV header > 2. Script source access must be checked > 3. NTFS DACL of the login.asp must be IUSR_machinename:WRITE (if > Anonymous authentication is in place) > > Is there anybody who knows why just READ right is not enough? > > Omer Faruk Ozer > Researcher > National Research Institute of Electronics and Cryptology P.O. Box > 74, 41470 Gebze, KOCAELI, TURKEY > > Phone : +90 262 648 16 21 > Fax : +90 262 648 11 00 > e-mail : [EMAIL PROTECTED] > > > -------------------------------------------------------------------- > ------- ------------------------------------------------------------ > --------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
