Question

几年前,我记得,我在一个领域与多个地点进行了斗争,其中一个地点被放在了根基。

当时我读了一个权威职位,向我作了明确解释:why。这是一种坏的思想,我记得的是零敲碎打的网络。混淆是主要原因(请你在基本上与该项目相悖的儿童项目中,不明确相互矛盾的提法)。从今以后,我总是在自己的虚拟道路上部署任何网站,使用一个单一的后向根直线,以标明违约网站。

我认为,从那时起,权威性参考资料和部署考虑可能已经发生变化。

这一设想的利弊和可能性如何? 我 asking问,因为一家公司在将部署分开方面与浏览器合作,我不认为这是一个好的想法。

Answer 1

Short answer : isolation. IMO the benefits to host different web site/web applications without isolating them are pointless.

长期答复:

<>Pros>:

Using a single port without specific bindings (ie. aliases) : if you don t have access to website bindings, its usefull
Rapid-deployment and dynamic web site creation : you can create a new subsite without declaring it on the IIS side
Sharing settings : apply web site base settings to all subsites (documents, mime types etc...)

<><>Cons>:

Application pool isolation : no identity isolation, no worker process isolation, no failure/recovery isolation, etc... (time out, memory limit etc...)
AppDomain or lifetime isolation : you ll have to take care of your website AppDomains. If you share the same AppDomain, you ll share the same life cycle : if the AppDomain is unloaded, all the websites under this AppDomain will go down and reloaded (ie. if you touch an AppDomain web.config)
Architecture isolation : some web application development need some tunning on the IIS side, if you tune your IIS pool or website just for one app, its an impact for all the sites. I think about 32-bits and 64-bits setting or wildcard mapping for example.
www.un.org/spanish/ecosoc 《劳动法》和《安全隔离:适用于同一工人过程和/或上诉人的保护较少,无法防止交叉申请进入/攻击/攻击。你们必须更加警惕,确保不能由他人阅读来自他人的信息。
Audit : it could be more difficult to audit the web sites activity and failure.

Web application isolation has always be a goal on mutualised environments to protect applications from each other.

自IIS7以来,应用群的隔离与“应用集合特性”进一步相联:。

我也认为这一条:。 http://searchsecurity.techtarget.com/tip/Web-application-isolation。

你们也应该看看“共享点”的收集结构。 http://blogs.msdn.com/b/sgoodyear/archive/11/18/9848865.aspx” rel=“nofollow”http://blogs.msdn.com/b/sgoodyear/archive/11/18/9848865.aspx。

Answer 2

The main counterindication for hosting multiple "sites" under one domain (and as such as one "website" in IIS) I can think of would be user identity isolation; a visitor logged in to /site1 would also be logged in to /site2 when you configure e.g. Windows authentication and this is something you might not want.

The same potentially applies for cookies set at the domain level. In IIS a website is a security boundary (for the client as well) and having multiple "sites" in the same domain COULD open you up to security vulnerabilities...

至于把一个“现场”放在底部,而把其他地点放在子里;你为“圆点”设计的套头将连接到“子站”;这再次可能是一个非问题,但可能是一个潜在的安全缺陷。

友情链接