How the IIS server persistent the identity credential? Is this an security
issue?
As far as I know the IIS persistent the identity credentital, when you
configure it run or connect an disk using a specificed identity (username
and password), so when the IIS server machine restart, it doesn't need you
re-config it.
But as the credential are persistent that means each user, who can access
the persistent storage (whater ever file or other storage), can extract
the user name and password. Does this an security issue? How does IIS
resolve this issue? (Only save an token, which is the result of using the
username and password for authentication, doesn't work, because you can
also extract the token, and use it.)
No comments:
Post a Comment