in a scenario where multiple websites will be running on IIS 8.5, each website has its own app pool, the app pool has full permissions to write (including uploading DLL) along with execute permissions for running the app.
The permission is given to the IIS App pool identity (SID Identity of the application pool) not a windows account used by the pool.
My question is that a security threat for the server or the app pool will be encapsulated in its website folder?
Thanks
