|
Home > Archive > IIS Server Security > September 2006 > Implications of a SSL site as a virtual directory rather than a root website?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Implications of a SSL site as a virtual directory rather than a root website?
|
|
| Leythos 2006-09-22, 1:22 pm |
| I would like to know if anyone has links related to the implications of
running a SSL site as a virtual directory site rather than a root
website.
Thanks.
--
spam999free@rrohio.com
remove 999 in order to email me
| |
| Ken Schaefer 2006-09-23, 7:28 am |
| When you install an SSL server-authentication certificate, it it typically
installed for the entire website, not for a single directory (virtual or
otherwise).
You can choose to make your entire website, or only a portion of your
website (e.g. a single directory) available over SSL.
However, as it stands, your question doesn't really make a lot of sense.
Cheers
Ken
"Leythos" <void@nowhere.lan> wrote in message
news:CMSQg.1277$pq4.309@tornado.ohiordc.rr.com...
>I would like to know if anyone has links related to the implications of
> running a SSL site as a virtual directory site rather than a root
> website.
>
> Thanks.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
| |
| Leythos 2006-09-23, 1:27 pm |
| In article <OuaVq9u3GHA.1268@TK2MSFTNGP02.phx.gbl>,
kenREMOVE@THISadOpenStatic.com says...
> When you install an SSL server-authentication certificate, it it typically
> installed for the entire website, not for a single directory (virtual or
> otherwise).
>
> You can choose to make your entire website, or only a portion of your
> website (e.g. a single directory) available over SSL.
>
> However, as it stands, your question doesn't really make a lot of sense.
Since the NT4 days I've always made sites that were Root Sites, not
virtual directory sites, it was easy to lock them down, easy to keep
other sites on the server from interfering with them, easy to keep other
vendors that maintain a site from messing with the other root sites.
To make this question simple:
Are virtual directory sites as secure as root sites - from the
administrator and user and web user point of view?
--
spam999free@rrohio.com
remove 999 in order to email me
| |
| Roger Abell [MVP] 2006-09-24, 7:39 pm |
| "Leythos" <void@nowhere.lan> wrote in message
news:UX9Rg.345$Cq3.183@tornado.ohiordc.rr.com...
> In article <OuaVq9u3GHA.1268@TK2MSFTNGP02.phx.gbl>,
> kenREMOVE@THISadOpenStatic.com says...
>
> Since the NT4 days I've always made sites that were Root Sites, not
> virtual directory sites, it was easy to lock them down, easy to keep
> other sites on the server from interfering with them, easy to keep other
> vendors that maintain a site from messing with the other root sites.
>
> To make this question simple:
>
> Are virtual directory sites as secure as root sites - from the
> administrator and user and web user point of view?
>
Perhaps you need to define your terms very carefully and clearly.
IIS has long recognized the vdir, yes, but I for one find your use
of "root sites" as something compared to (hence different from?)
"virtual directory sites" perplexing.
A website (an LM instance) has a ROOT
The ROOT has a metabase type of IIsWebVirtualDir
A web within that LM instance is either located in contiguous
storage or it is not. I believe originally the intent was that if
the content area was to support an application boundary and
it was contiguous it was to be an IIsWebDirectory, and if not
contiguous (supporting application boundary or not) then it
was IIsWebVirtualDir
Now, I do not always find that to be how these are in fact
used, but perhaps that is due to content being moved about.
So, I do not understand you.
How is a root site not a virtual directory site?
The base of a sites root content is what it is.
| |
| Leythos 2006-09-24, 7:39 pm |
| In article <OczZBmB4GHA.1256@TK2MSFTNGP02.phx.gbl>, mvpNoSpam@asu.edu
says...
> So, I do not understand you.
> How is a root site not a virtual directory site?
> The base of a sites root content is what it is.
Let me explain it with a visual:
Create a new website (not a virtual site)
mydomain.com (I consider this a root site)
D:\WEB\ROOTSITE
I could have content under the same physical path, such as
mydomain.com/somefolder/some.htm
D:\WEB\ROOTSITE\SOMEFOLDER\some.htm
I could also create a vdir site site located in a different folder on
the drive:
VDir site: AnotherArea
would be seen as mydomain.com/AnotherArea
Another area would be located at: R:\WEBVDIRS\AnotherArea
When I configure permissions for the root site, I have to option to pass
changes down to the Vdir sites, which may or may not change how they are
secured, or other features about them.
If I create another website, I call a root site, as follows:
anotherarea.mydomain.com
R:\WEBVDIRS\AnotherArea (I kept it the same for illustration)
I can host this site on a different server, not connected in any way to
the first server, can have different certificates, can adjust security
without any possible changes to the mydomain.com website....
I consider the root method to be more secure than the vdir method,
that's what I'm trying to get an answer for.
--
spam999free@rrohio.com
remove 999 in order to email me
| |
| Ken Schaefer 2006-09-25, 1:51 am |
| Hi,
The "vdir site" you are talking about isn't really a site. It's just one
part of the parent site, which happens to be located in a discontiguous part
of the file system. You are arbitrarily calling this a "new site" based on
some criteria that you have, but it isn't really a new website - it's just a
folder located within an existing website. The same settings can be applied
(perhaps manually) to this virtual directory as with most "root sites" (as
you call them).
In terms of "security", security is not a bunch of settings. Security is
risk management. What risks do you face and how are you choosing to mitigate
them? If you only face 1 risk and you can eliminate/mitigate that risk the
same way with both a virtual directory and a root site, then both are just
as secure as each other.
Cheers
Ken
"Leythos" <void@nowhere.lan> wrote in message
news:acCRg.1638$pq4.1567@tornado.ohiordc.rr.com...
> In article <OczZBmB4GHA.1256@TK2MSFTNGP02.phx.gbl>, mvpNoSpam@asu.edu
> says...
>
> Let me explain it with a visual:
>
> Create a new website (not a virtual site)
>
> mydomain.com (I consider this a root site)
> D:\WEB\ROOTSITE
>
> I could have content under the same physical path, such as
>
> mydomain.com/somefolder/some.htm
> D:\WEB\ROOTSITE\SOMEFOLDER\some.htm
>
> I could also create a vdir site site located in a different folder on
> the drive:
>
> VDir site: AnotherArea
> would be seen as mydomain.com/AnotherArea
> Another area would be located at: R:\WEBVDIRS\AnotherArea
>
> When I configure permissions for the root site, I have to option to pass
> changes down to the Vdir sites, which may or may not change how they are
> secured, or other features about them.
>
> If I create another website, I call a root site, as follows:
> anotherarea.mydomain.com
> R:\WEBVDIRS\AnotherArea (I kept it the same for illustration)
>
> I can host this site on a different server, not connected in any way to
> the first server, can have different certificates, can adjust security
> without any possible changes to the mydomain.com website....
>
> I consider the root method to be more secure than the vdir method,
> that's what I'm trying to get an answer for.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
|
|
|
|
|