when users are allowed to upload files and/or images how are permissions handled? should the iusr<machinename> have write access to the upload directory? if this is true, isn't this a security risc? or is it possible to let cute editor to log in as a user when uploading files?