From: Doug Vallis (DVallisuniongas.com)
Date: Tue Oct 02 2001 - 08:11:09 CDT

    Consider converting the application over to Visual Basic to run locally on
    the laptop. This will preserve most, if not all, of your code. VB
    supports the development of "web applications" that look and feel like a
    web-based app but all "backend" server code is compiled into the local
    application.

    There are far too many security and design flaws with implementing a
    solution like this using a local web server like IIS on as many laptops as
    you are considering. You should rethink the deployment and architecture of
    such an application.

    Doug

    -----Original Message-----
    From: dayseizerexcite.com [mailto:dayseizerexcite.com]
    Sent: October 1, 2001 11:35 AM
    To: focus-mssecurityfocus.com
    Subject: Running IIS locally - advice?

    I have an asp (Active Server Pages) application that I have to deploy
    locally to laptops. The thought process was, let's people used to seeing
    this app in their web browser, even though they're disconnected. Then it's
    available on the intranet, no learning curve.

    Problem is, now I'm faced with a couple thousand new IIS web servers
    (whether they like to admit it or not). Worse off, people are going to take
    these home and plug them into God knows what network. I'm starting to make a
    list of things I want installed, disabled, etc, on these laptops. I have
    some questions about some of the things on my list:

    1) Configure the web site to only be accessible from 127.0.0.1. Can this
    address be spoofed on a w2k machine?

    2) Install a personal Firewall, block everything incoming. Will this
    interfere with requests to the Loopback interface?

    Does anyone know of any products that will run asp pages sans IIS/PWS? I
    know I have to point the browser "someplace." I'm wondering if there's a
    creative solution that doesn't require my workstations listening for http
    requests at all.

    Thanks in advance,
    -dazed
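
For item 1 in the original question, one way to confirm on each laptop that the web server really listens on loopback only is to inspect `netstat -an` output. This is an added example, not part of either post; the sample netstat text is constructed, the function names are hypothetical, and it checks the socket binding rather than any IIS address restriction.

```python
import ipaddress

# Constructed sample of `netstat -an` output from a Windows laptop
# (illustrative only, not taken from the original thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         127.0.0.1:80           ESTABLISHED
  TCP    [::]:443               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

def parse_listeners(netstat_text):
    """Yield (ip, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows (no state column) and non-listening sockets.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::]:443 intact.
        host, _, port = fields[1].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port)

def exposed_web_listeners(netstat_text, web_ports=(80, 443)):
    """Return web-port listeners reachable from outside the machine.

    A listener bound to 0.0.0.0 / :: (all interfaces) or to a specific
    non-loopback address accepts connections from whatever network the
    laptop is plugged into; only loopback binds are local-only.
    """
    return sorted(
        (str(ip), port)
        for ip, port in parse_listeners(netstat_text)
        if port in web_ports and not ip.is_loopback
    )

if __name__ == "__main__":
    for ip, port in exposed_web_listeners(SAMPLE_NETSTAT):
        print(f"EXPOSED: {ip}:{port} is not bound to loopback only")
```

An empty result means every web-port listener is bound to a loopback address; any entry returned is a socket that a host on the same network can reach unless a firewall blocks it.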
