Virtual directories

[Mark]

Aside from a virtual directory sharing memory with other sites, are there
security issues caused by using virtual directories? I have a collegue that
claims that a hacker could screw around with your code by executing code for
one project (virtual directory 2) from a different virtual directory 1.

www.oursite.com/virtualdirectory1/virtualdirectory2/somepageinvirtualdirecto
ry2.aspx

True or false? Thanks in advance.

Mark

 

[bruce barker]

your friend is correct. because asp.net needs access to dll's any other vdir
(when it revert back to the asp.net account) has permission to read and
load web.config, and all the dll's.

if you switch to iis6.0, you can create application pools with seperate
asp.net accounts, so you can prevent one pool hacking another, but you will
have simular issues in the same pool.

-- bruce (sqlwork.com)