I am not a programmer, but what not have a com object or other executable that the asp script can call to read the registry using the system account? I would never ever let anything that has to do with a web site modify the registry.
John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:IMail_Forum- > [EMAIL PROTECTED] On Behalf Of Aaron Clausen > Sent: Wednesday, June 11, 2003 4:37 PM > To: IMail Forum > Subject: [IMail Forum] Somewhat OT: Registry Security > > I'm about to embark on a small ASP project to give our users the ability to > manipulate their Declude spam files. This will require that the script go into the > registry to read some IMail information. We have hundreds of users, so I am not > going to be using NT authentication, but a custom auth system based upon email > address and password. > > This will be running on a Win2000 server and IIS5, so naturally, the anonymous > user that the ASP scripts will be running under will have to have permissions to > read (and possibly modify) the registry. Is this an advisable course of action? They > will still have to have a userid and password to get in, and only the subweb where > the ASP application sits will have those permissions. Or is this just a bad idea all > around? > > -- > A. Clausen > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
