If you want your web site visited by the public,you must enable anonymous (read only) access. Where you want to disable anonymous access is on your FTP accounts. Those should be restricted to user name and password, and in IIS you can even specify a port (other than 21) which is an additional security step. Of course you can restrict web access to qualified users, and require a username and password to enter the site, but I don't use that except for a test development directory and I want the client to see what has been done so far, before going live. In that last instance, I will use NT permissions as access control.
If you use ColdFusion on the web site, then the directories must have SYSTEM permissions. ===================================== Douglas White group Manager mailto:[EMAIL PROTECTED] http://www.samcfug.org ===================================== ----- Original Message ----- From: "Jochem van Dieten" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, November 27, 2002 3:38 PM Subject: Re: webservices/IIS and username/password authentication | Brook Davies wrote: | | > Has any one used IIS and ACL security in conjunction with the CFMX | > Webservice username & password feature to access a webservice? As soon | > as I turn on the "disallow anonymous access" within IIS, I can not get | > the webservice to connect. | | Unless you want to use Windows accounts for the u/p you can roll your | own basic authentication. That might be easier to track the exact HTTP | headers. | | Jochem | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com
