ASP.Net shared hosting & security
From: richlm (richlm_at_itcoaches.dk)
Date: 09/19/03
- Previous message: Michael: "Sending email securely"
- In reply to: Andrea Pichler: "ASP.Net shared hosting & security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Sep 2003 08:11:36 -0700
IIS 6 has a new "application pool" feature which help
solve this type of problem.
The app pool corresponds to a separate process hosted by
IIS, and you can control which user account the process
runs under.
You could set up multiple accounts, with various levels
of restriction on what the account can do on the machine.
>-----Original Message-----
>Hello.
>
>I'm trying to setup a Win2003 server for hosting ASP.Net
Applications in a
>Shared Hosting enviroment.
>
>With the "old" ASP I created a different anonymous
account for each web site
>and restricted the NTFS permissions on system and
website folders.
>
>With ASP.Net I set the <identity impersonate="true"/> in
the machine.config
>file and the ASP.Net applications works with the user
rights on the file
>system.
>
>My questions are:
>- Is there a way to set somthing like "nooverride" to
avoid single web sites
>to change this setting editing the web.config file ?
>- Is there something other to set to restrict the single
ASP.Net
>applications ?
>- I read that the Framework v.1.1 has enhancements for
hosting and security.
>It's true and how can I use this enhancements in my
scenario ?
>- Is there a way to limit the available namespaces for
the single .Net
>application (for example, I don't want that users loads
applications on my
>server that makes port scanning to other hosts,
applications that reads
>active directory and so on.) ?
>
>
>Thanks
>Andrea
>
>
>
>.
>
- Previous message: Michael: "Sending email securely"
- In reply to: Andrea Pichler: "ASP.Net shared hosting & security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
