On this page

IIS 6 - run with an application user
IIS 6 Application pool management

Ads

Navigation

Photo gallery
Home

Search

Categories

 
  .Net
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Clouds

Sql Server (5) .Net (16) .Net 2.0 (2) C# (3) @ff Topic (5) Architectural solutions (9) ASP (1) BDD (5) Blog related (8) database (2) Development process (8) Facebook (1) job interviews (1) Lessons (5) Life (12) Microsoft (5) IIS 6 (2) SPS (sharepoint server) (3) Drivers (1) Internet Explorer (2) Windows 2003 server (1) NightDuck (2) Performance (5) Security (9) Sql Server 2000 (4) Study (2) TDD (1) Threading (3) Under the hood (1) Web (1) Web services (1) XSS (6)

Archive

July, 2008 (1)
June, 2008 (4)
May, 2008 (1)
January, 2008 (1)
December, 2007 (1)
November, 2007 (3)
October, 2007 (4)
September, 2007 (2)
July, 2007 (6)
June, 2007 (3)
April, 2007 (2)
March, 2007 (4)
February, 2007 (6)
January, 2007 (4)
October, 2006 (6)
September, 2006 (5)
August, 2006 (10)

Blogroll

 Avi Wortzel
 Doron Yaacoby
 Nati Dobkin
 Oren Ellenbogen
 pasha bitz
 Shani raba
 Yossi shmuelly

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

RSS 2.0 | Atom 1.0 | CDF

Send mail to the author(s) E-mail

Total Posts: 63
This Year: 0
This Month: 0
This Week: 0
Comments: 33

Sign In
Pick a theme:

 Tuesday, August 29, 2006
IIS 6 - run with an application user
Tuesday, August 29, 2006 10:55:46 PM (GMT Standard Time, UTC+00:00) ( Microsoft | IIS 6 | Security )

One of the most important rules about running an application (specially web application) is giving to the application only the needed permissions to run, and no more ! (running a web application with an administrator user is bad....).
Sure, it's very comfortable to give the application all the permissions that the system has, and not trying to solve permission related problems directly,
But this kind of an approach is a security-breach prone approach.
suppose, you wrote an application that has a minor security hole in it, and it allows the user to execute some unwanted script.
If it will run in a full permissions context, than it would be very easy to hijack the entire system, or even just do a system-wide damage.
But, if it will run only with the needed permission, then the attacker would have a hard time doing it.

So, what is the solution ?

Read more ...
Comments [2] | | # 
 Thursday, August 24, 2006
IIS 6 Application pool management
Thursday, August 24, 2006 7:31:07 PM (GMT Standard Time, UTC+00:00) ( Microsoft | IIS 6 )
Ever encountered on a situation that you have several Web Applications that works fine on the IIS 6 machine,
and then you add another application to join the party, and all the server crashes/ not responding / running very slow?

The answer is probably because the additional application that you added is a resource hog, and it doesn't leave the other web application any resources at all.


So, what can we do?
Read more ...
Comments [0] | | #