| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: SQL Server on intranet? |
From: Mike N.
On Thu, 17 Feb 2005 23:38:53 -0800, Ellen K. wrote:
> I don't like the idea of IIS
>and SQL Server on the same box, even if it's only internal... If I'm
>wrong, please beat me up, but if I'm not wrong, please help me out with
>some specific ammunition.
There are several viewpoints -
Assuming that it is easier to break into a poorly or mis-configured
IIS site than SQL Server, the IIS code has the same rights to the SQL data
whether it's on the same or different server. [No difference]
The other half is that it becomes slightly easier to interrogate the
registry, filesystem, etc on the SQL server system, assuming that they can
gain control over the IIS site. [Very slightly less secure]
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 270 5030/786 @PATH: 379/45 1 106/2000 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.