Hi. I've modified some folder listing source from 4guysfromrolla to create folder listings of my server similar to the directory browsing capability of IIS. However I'm afraid that someone may use this to their advantage and run amok on my server. The code passes the next folder to browse through the URL. Although access to files are restricted due to security restrictions imposed in IIS, it is still possible to browse the contents of the entire hard disk. I figure that I could hide variables sent by using the POST method, but I'm unsure of how to fire off a submit from a hyperlink in vbscript. Any ideas?