I have a folder in my web server used for the users to upload photos using an ASP page.
Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder.
I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP.
Edit: Changing the question for clarity and changing my answers as comments.