> So is that just the case of adding IUSER_XXX to cmd.exe? > What permissions do I give IUSER on cmd.exe?
remove the deny that is probably alreaDy there, and add iusr_server with read&execute. > Isn't that a big risk? Is there a way to exploit that? (apart from someone > uploading php code etc), via a URL or something? > > Just wanting the "correct/safest" way to do this. hmm ... last time I checked the source for PHP - all methods of calling external progs (system(), exec(), passthru()) all used cmd.exe to execute your command, even if your command was a command line .exe. you could maybe check the newer proc_open() function - I'm not sure with that one. -- Louis Solomon www.SteelBytes.com -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
