I have heard and read if at all possible do not install IIS on your SQL Serv
ers. It is best to keep them seperate for 1) Performance 2) Opens up securi
ty issues. So we have always installed IIS on our web servers only. Isn't
this the best case scenario
? I have a developer who wants to install IIS on all the SQL Server boxes a
nd I am against it. What would his reasonings be?
Thanks,
WarrenIIS is very complex thing and there are many patches and unpatched things
especially if you enable full functionallity.
Here last one
http://www.securityfocus.com/bid/10116
If someone get access to the web server, if you use sql account with limited
rights he still will not be able to hurt your data, but if he get access to
the same machine where is your data he can do everything. The data is the
most critical thing. If you burn your web server it will take few hours to
get the application copied and configured but if your data server is gone
then you must find your last backup and most probably you will lose data,
see that I do not talk that if someone get sensitive data about your
business or clients he can burn your entire business or your reputacy.
If IIS is not critically needed at the SQL Server side - do not install it.
Price for another server is much lower that the risk.
Bojidar Alexandrov
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment