Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
> From: [...] Glen Starrett [...] > I > just appreciate the clarity of clear text configuration > compared to the > IIS GUI model. Quite. Hence, I generally prefer UNIX-derived systems over Windows-derived ones. However, there are worse culprits than IIS in my experience. > Unfortunately IIS has a history that when it does > have a hole exposed, it's a doozy! :) My approach... 1. Install the Loopback network adapter on the development machine (or use a disconnected network adapter if you prefer). Yes, the good ol' Loopback adapter is still there, even in 2k3. 2. Assign the loopback adapter an IP address on an unused subnet. It can be the same on each developer machine. 3. Optionally, assign a name to that IP address in the hosts file. If you use the same address on each machine, you can add it to DNS instead. 4. Bind all your Web sites in IIS to just that IP address. You now have an IIS that is visible on your developer machine, but inaccessible from the corporate network. That should reduce the attack surface considerably :-). - Peter