« Previous Next »

• 11-04-2009, 2:43 PM

  jdshultz Joined on 11-04-2009, 7:36 PM Posts 1

  IIS 7.0 and IIS 7.5 Security issues running on System Drive Reply Contact In the past with our IIS 5.0 and IIS 6.0 installs we redirected our IIS installs from the System drive to the different system partition so it wasn't installed in the default install path. What I am wanting to know is there any issues or does this put us at any more of a security risk to just install IIS 7.0 and IIS 7.5 on our main system drive? It was real easy for us to redirect our installs of IIS 5 & 6 but even though I know you can change the install path for IIS 7 & 7.5 it is not a simple process. The way I look at it from a security risk is if someone is able to hack onto your server though IIS even if it is not installed on the default location they will be able to access whatever they want since they are on the server already so I don't see the issue with this being on the default location. Can someone please let me know there thoughts on this question.

• 11-05-2009, 6:38 AM

  In reply to

  Rovastar Joined on 03-13-2008, 2:00 PM London, UK Posts 1,784

  Re: IIS 7.0 and IIS 7.5 Security issues running on System Drive Reply Contact The main reason in the past IIS 3,4,5, etc for the best practices of it not having iis being on the system drive from a security point of view was it was possible with some exploits to do  directory traversing of the site to drill down to the system root and execute stuff from there on a not properly configured server. Modern versions of IIS 6 onwards and I think even 5. You cannot do this. So the security risk is more minimal. Personally I like to have the website data on a sepearte partition, just in case another exploit occurs Also it is generally best practice not to have your "data" (and websites I would class as "data" ) on your system drive. http://www.iisportal.com