IIS Provisioning Security Considerations

In protecting an Internet Information Services (IIS) provisioning deployment, it is important to consider many of the same basic input source and validation issues listed in these topics:Input Validation and Protection against Injection Attacks.

One key parameter that a developer must validate and protect is the "path" parameter that can be set on any IIS Virtual Directory or Site. This parameter points to folder path whether local or UNC that will contain the data exposed through the IIS, this raises the possiblity of exposing information that was not intended to be exposed through IIS.

Here are some guidelines a developer should following when designing an interface that interacts with the IIS Provider and corresponding namespces.