I've done a ton of reading on this on many different forums and it seems that in order to get apps like JHEAD and IM to work you need to give CMD.exe IUSR permissions. As this is probably the single biggest security hole that can be opened on a webserver short of posting your admin username and password on your homepage, I'm wondering what other solutions there are for Windows server users. Can't the code be modified somehow?
This seems crazy that I should have to do this in order to get this software to work.
Is it possible to create a renamed version of cmd.exe that could then be called instead? I tried to do this and renamed the line: exec( "cmd.exe /c $syscmd", $return, $retval ); to the new .exe name, but it did not work.
Last edited by jmottle; July 10th, 2004 at 01:47 AM.