My ISAPI filter (Permalink) problem - How I fixed it - Remaining Security Questions:
I had followed the following site word for word:
but WordPress ISAPI filter was creating many Application log errors 2268 and 2214
So I then (most hazardly and without web security in mind) added the WordPress users "site_name_Anon" and "site_name_Admin" to the IIS_WPG user Group (it is creatd by W2k3 by default) and I also gave the user IIS_WPG "read" and "execute" permissions to the WordPressPlugin.dll file. **My Permalinks and ISAPI WordPress Filter now work**
The question I have now is: What security holes have I created?
Why I did what I did:
I had gone to the following site to troubleshoot my ISAPI WordPress Filter problem.
It educated me and I learned that my error was :
Data: 05 00 00 00 -Win32 error 5 - NET HELPMSG 5 returns "Access is denied."
The article then mentions:
"For IIS6 in worker process isolation mode, the process identity is configurable and is at least a member of the IIS_WPG group" (see more on the link)
That's when I got the idea to add the WordPress users "site_name_Anon" and "site_name_Admin" to the IIS_WPG user Group (it is creatd by W2k3 by default) and I also gave the user IIS_WPG "read" and "execute" permissions on the WordPressPlugin.dll file.