RE: IIS 6 features
From: Ross, Jason (Jason.Ross_at_GlobalCrossing.com)
Date: 10/31/03
To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Thu, 30 Oct 2003 21:32:14 -0500
Thanks for not beating up on me. I was afraid this
post would be seen as a 'troll' attempt and ignored.
As I've dug a bit deeper, I've learned some pretty handy
things that IIS has. My favorites so far are the XML
based config and the "change it on the fly" features ...
still playing though.
Comments inline, and apologies if the formatting gets
blown away ... I have yet to figure out how to make
plain text email wrap correctly in outlook =)
Regards,
Jason
-----Original Message-----
From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
Sent: Thursday, October 30, 2003 7:02 PM
To: Ross, Jason; focus-ms@securityfocus.com
Subject: RE: IIS 6 features
> No, the answer to a misfiring or flawed application is to shut it down,
> *but* (and this is important), there is an automatic starting of a new,
> fresh application pool to replace it (unless, of course, you don't want
> that to occur).
So, if I understand correctly, the misbehaving application pool is placed
into "out of service" mode and all new and queued requests for anything
serviced by that pool get an immediate "503 service unavailable" error;
however, a new application pool is created for the web sites and apps that
were contained in the rogue pool, so that any new requests that come in
after this feature has done its job can be serviced?
That's pretty cool ...
The way it was written made it sound as though the service would remain
unavailable until some intervention was made, whether through a manual
process or one that was configured to be run automatically.
My concern was that, if this were the case, it seemed to be promoting self
DoS as an acceptable alternative to someone else doing it, which would be
a slippery slope to tread IMO.
>> once a buffer or memory overflow has been detected in a
>> particular worker process, the worker process will be shut
>> down so that it cannot affect other worker processes."
> See above; same thing.
Little different, but same concept. One of the other posts
(by Mattias Nyholm) did a very good job of explaining how
this works, and I must admit, I'm pretty impressed!
>> 3. Microsoft Passport Authentication
>> "IIS 6.0 and Windows Server 2003 supports authentication
>> using the Microsoft Passport service.
> Keep in mind, you can set up your *own* passport server and use it for
> business relationships.
> You can also set it up to use with your AD. Note that I'm not necessarily
> recommending these things, but if you look at the Passport SDK, you'll get
> a clearer idea of the options and functionality it gives.
I didn't realize that. I was way off base on this one apparently, which is
why I prefaced all my remarks with "I'm a newbie to this 2k3 stuff ..."
>> Does that mean that any content and software I place on
>> servers using IIS and taking
>> advantage of the Passport features now becomes MS property?
> No, it means that it's their software because they wrote it,
> versus GPL-style licensing. You can't resell Passport.
I know, it's just awkwardly written.
But then, that's what makes it a legal doc I suppose =)