Microsoft .NET, ASP.NET, and IIS - any opinions?
From: Tracy Martin (tracy@arisiasoft.com)Date: 12/12/01
- Previous message: NVujic@sn.com: "RE: Logging off users"
- In reply to: Matthew.van.Eerde@hbinc.com: "RE: Logging off users"
- Next in thread: Ryan Counts: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Next in thread: NVujic@sn.com: "RE: Logging off users"
- Reply: Ryan Counts: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Nigel P. Willson: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Ken Pfeil: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Tracy Martin: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Matthew Reams: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Miller, Joe: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Pidgorny, Slav: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Alderson, John: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Tracy Martin" <tracy@arisiasoft.com> To: <focus-ms@securityfocus.com> Date: Wed, 12 Dec 2001 15:52:01 -0500
Greetings,
We all know that IIS has it's flaws - and that for many of these there are
patches available (or at least workarounds). However, with the immanent
release of VisualStudio.NET and ASP.NET, I'm expecting to see installs of
IIS and the .NET runtimes (which, if I understand it correctly, basically
amounts to installing the full SDK - including command line compilers) on
servers all over.
And this begs the question - has anyone who has insight into this done any
security studies on this combination? Is the addition of .NET to IIS going
to cause any additional security holes (over and above those already present
in IIS itself)? And are there recommendations for closing these types of
holes if encountered?
I already know I'm going to be asked to set up such a server, and I'd like
to get a feel for what I'm letting myself in for. I know there are patches
available for IIS (and I've already applied them to the IIS server we have
live right now), but I'm curious if the addition of .NET to the mix is going
to introduce new problems (and also interested in potential solutions to
those problems while waiting for "official fixes" from Microsoft).
Any takers?
Tracy
- Previous message: NVujic@sn.com: "RE: Logging off users"
- In reply to: Matthew.van.Eerde@hbinc.com: "RE: Logging off users"
- Next in thread: Ryan Counts: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Next in thread: NVujic@sn.com: "RE: Logging off users"
- Reply: Ryan Counts: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Nigel P. Willson: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Ken Pfeil: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Tracy Martin: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Matthew Reams: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Miller, Joe: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Pidgorny, Slav: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Reply: Alderson, John: "RE: Microsoft .NET, ASP.NET, and IIS - any opinions?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
