Summary


If you host multiple ASP.NET applications on a single Web server, you need to consider how applications are isolated from one another and from shared system resources such as the file system, registry, and event logs. Without adequate isolation, a rogue or badly developed application can adversely affect other applications on the server.

On Windows Server 2003, use the multiple worker process model supported by IIS 6 to provide operating system process isolation for applications. On Windows 2000, process isolation is not possible, although multiple applications can be configured to use separate anonymous user accounts. This provides separate application auditing and supports independent application authorization.

On both platforms you can use the resource constraint model provided by code access security as an additional control to restrict which applications have access to which resource types. The use of code access security with ASP.NET applications requires version 1.1 of the .NET Framework.

For more information about securing ASP.NET applications, see Chapter 19, "Securing Your ASP.NET Applications and Web Services."




Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net