Administration Considerations


Check

Description

Unnecessary Web service protocols, including HTTP GET and HTTP POST, are disabled.

The documentation protocol is disabled if you do not want to support the dynamic generation of WSDL.

The Web service runs using a least-privileged process account (configured through the <processModel> element in Machine.config.)

Custom accounts are encrypted by using Aspnet_setref.exe.

Tracing is disabled with:

 <trace enabled="false" /> 

Debug compilations are disabled with:

 <compilation debug="false" explicit="true" defaultLanguage="vb"> 



Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net