Dear all,
We have implemented a website (ASP.NET 4.5) that reads only from an database (MS SQL 2012) except from two log tables that it writes to (We have a SQL user for that). The customer that the website is for, is asking for HIGH security principles and he mentions that we dont have a application server. As far as i know IIS is the application server or can we do something else in order to improve security?
Is there any best practice for the hardware structure of an ASP.net website with an MS SQL Database?
Thanks in advance