Shulou(Shulou.com)06/03 Report--

Based on the introduction of the configuration of the application pool sandbox, this paper focuses on its specific steps, which are simple and easy to operate, and the content of the article is compact step by step. I hope you can get something according to this article.

Windows Server 2008 provides us with a new feature that allows built-in Windows users to inject auxiliary and unique information into worker processes and Windows security tokens, thus isolating the resources of individual worker processes from each other.

When using previous versions of IIS, it is sometimes difficult to isolate different Web application pools from each other. If multiple Web application pools need to run under the same identity (for example, Network Service), code running in one Web application pool can use the File System object to access resources that belong to other Web application pools, such as configuration files, Web pages, and so on. This is because when multiple processes are running as Network Service, we cannot allow one of them to access a file while preventing other processes from accessing the same file at the same time.

However, IIS 7. 0 provides us with an isolation mechanism. In IIS 7.0, each web application pool has a web application pool profile that is automatically generated according to startup conditions during the startup of the application pool. By default, these randomly generated configuration files are saved in the C:\ inetpub\ temp\ appPools folder. Each web application pool generates an additional SID (Security Identifier, security identity) and injects this SID into the w3wp.exe process. The profile of the application pool uses access lists for access control, allowing access only to those processes that use the relevant SID. Because each w3wp.exe process has its own SID, the configuration file for each application pool can only be accessed by one process with the same SID.

After reading the above, have you mastered the method of application pool sandbox configuration? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.