|Posted: Thu, 2005-12-08 23:53|
I locked down my IIS boxes and can't for th elife of me figure out why its okay to allow the anonymous web user to execute CMD.EXE!!!
I have copied the cmd.exe to the PHP dir and allowed THAT to be executed, but gallery still insists on calling it from the \system32\cmd.exe direcctory.
I would even prefer to be able to RENAME the cmd.exe too!
What do I have to do to retain the safety of the locks i have placed, while allowing Gallery2 to execute cmd when it needs to??!