Securing Your Web Server

Commerce Server 2002

You can set IIS Web server permissions to limit the access of anonymous users to your applications, and can also be used to limit the viewing of source code over the Internet, even for users with Windows permissions (or access control entries (ACEs)).

Following are the differences between Web server permissions and NTFS permissions:

  • Web server permissions apply to all users accessing your Web sites.
  • NTFS permissions apply only to a specific user or group of users with a valid Windows account. NTFS controls access to physical directories on your server, whereas Web server permissions control access to virtual directories on your Web site.

When you use Site Packager to package a site, it will pick up the Web server permissions as set in the source site. For example, if you have the Execute Permissions setting set to "Scripts and Executables" in the root folder of the application on the source computer, the virtual root folder on the destination computer will have the same setting.

For example, the following table describes how the IIS permissions are set in the Commerce Server Solution Sites.

RootSet Execute permission to Scripts and Executables.
Pipeline, Include, TemplateDeny permission to Read, Write, and Execute.

This section contains:

Copyright © 2005 Microsoft Corporation.
All rights reserved.