Hi, I'm configuring a web server with IIS8 and I would like to isolate all the websites for a good security. Should I create a user for each website and assign this user for the current application or ApplicationPoolIdentity must be enought for a good security configuration?
The second question is that I uploaded to a website an .asp file with fso and I can navigate for all the server disk (only read), I would like to prevent than a user can upload a similar file and navigate for other folders except his website.
Thanks a lot.
Roberto