Bugtraq mailing list archives
Re: MS IIS 5.0 Access Violation on handling URL String
From: zthompson () ATT COM (Thompson, Zach, CPG)
Date: Mon, 31 Jan 2000 19:59:00 -0500
Wouldn't the use of Microsoft Transaction Server allow the transaction to be recovered as soon as the IIS service is restarted? If you had a web application that you ran in a separate memory space from IIS, then if you crashed IIS, the transaction could possibly still be processed outside of the IIS service. If you are using Transaction Server, the application/process that is handling the request would be managed by a Transaction Processing Monitor(TPC) which is there for providing fault tolerance in situations like the one described below. As soon as the IIS service was restarted, it would be conceivable that the TPC could then hand the completed transaction back to the client. -Z -----Original Message----- From: Lark Lizerman [mailto:webmaster () DOC2000 DE] Sent: Saturday, January 15, 2000 10:14 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: MS IIS 5.0 Access Violation on handling URL String Danger: The fact at this point is that it is possible to crash IIS 5.0 and the process must be restarted what means data loss at all clients connected. On a CreditCard transaction / Stock Systems it would mean dramatic financial loss. The main danger is not, that a website with few hundred visitors will become unavailable for some seconds, but if it is a SSL System which handles transactions get's interrupted while datatransfer. Imagine you sell shares for 200.000$ and your order get's interrupted you may loose a _lot_ of money. Most transactionsystems are Unix but in the past more and more NT Systems have been used for this kind of business. greets Lark Lizerman
Current thread:
- Re: MS IIS 5.0 Access Violation on handling URL String Thompson, Zach, CPG (Jan 31)