Linked by Thom Holwerda on Fri 14th Jul 2006 11:37 UTC
eWeek reviews IIS 7 Beta. "Versions of IIS prior to 6 were the main points of attack for major worms and viruses such as Nimda. With IIS 6, Microsoft moved the Web server to a default profile that was much more secure. This and other security improvements have paid off, as IIS is nowhere near the major security problem it once was. To a certain degree, IIS 7 carries on this move to greater security with a default install that is even more secure than Version 6's and improvements in security management."
Thread beginning with comment 142987
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-07-06
I attended a presentation of IIS 7 in Milan a few weeks ago. It's been very fascinating.
To me, the best feature really is not modularization (that's not very impressive: IIS 6 already has a very good security score though this could improve performance) but the fact that .NET has been inserted into IIS pipeline and we will be able to actually leverage .NET features to control IIS behaviour. That's very impressive because .NET features are potentially extended to system itself and can affect other modules too. That's really nice.
Other than that, configuration files in plain text can be useful but we already had a very complete API to do that so I'm not that sold there.
Plus, there will be other significant improvements but main changes to me are related to how you can programmatically handle almost any aspect of IIS.
The only thing I didn't like (and I specifically asked Elly about this) was about the need to run ASP.NET at medium trust level to automagically achieve protection. I hoped they would fix this.