SweatCoder
asked on
Install web application on C-Drive?
My company makes an IIS-based web application that runs on Windows Server 2003. A person at my company is convinced that "nobody should ever install a web application onto the C drive, for security reasons". Therefore, we insist that all our customers create a "D" partition and install the webapp onto that partition.
This notion seems bizarre to me, mainly because, of the thousands of web-security articles I've read, nothing like this has ever been mentioned. And I have installed many web apps from other companies, and they all install to C by default, and none of them recommend to "not install to c".
I am looking for info about this, "for" or "against", backed up by specifics, online articles, and anything else reputable.
This notion seems bizarre to me, mainly because, of the thousands of web-security articles I've read, nothing like this has ever been mentioned. And I have installed many web apps from other companies, and they all install to C by default, and none of them recommend to "not install to c".
I am looking for info about this, "for" or "against", backed up by specifics, online articles, and anything else reputable.
Hi SweatCoder,
There are a number of reason why one would want to install a web application on a partition other than the system drive. Foremost is the number of exploits within IE and web apps that can grant a malicious user access to the file system - putting the application on D: somewhat lessens the chance that the intruder may 'take down' the entire server.
As a general systems administration rule, it is best practice and strongly recommended for any server to have a seperate partition for applications. C:\ drive should be reserved for OS (and possibly paging) only and D:\, E:\, etc for all other applications (web apps, Office, virus software, etc)
Cheers!
There are a number of reason why one would want to install a web application on a partition other than the system drive. Foremost is the number of exploits within IE and web apps that can grant a malicious user access to the file system - putting the application on D: somewhat lessens the chance that the intruder may 'take down' the entire server.
As a general systems administration rule, it is best practice and strongly recommended for any server to have a seperate partition for applications. C:\ drive should be reserved for OS (and possibly paging) only and D:\, E:\, etc for all other applications (web apps, Office, virus software, etc)
Cheers!
ASKER
jss1199, that's a well-stated answer, but...can you give me a link to [an] article(s) that backs up your assertion?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER