Pitfalls


Be aware of the following potential pitfalls when working with IISLockdown:

  • IISLockdown configures NTFS permissions using the new group Web Anonymous Users . By default, this contains the IUSR_MACHINE account. If you create new anonymous accounts, you must manually add these accounts to the Web Anonymous Users group.

  • If you debug ASP.NET pages using Microsoft Visual Studio .NET, debugging stops working. This is because IISLockdown installs URLScan and URLScan blocks the DEBUG verb. For more information about using IISLockdown on developer workstations, see "How To: Secure Your Developer Workstation" in this guide.




Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net