Securing your ArcGIS Server site

When you install ArcGIS Server, you will find the following:

These settings are usually sufficient for organizations that are deploying ArcGIS Server for their own department's use. If you are using ArcGIS Server in an enterprise, a highly secure environment, or serving to the Internet, you will want to configure ArcGIS Server security further. The topics in this help book will help you do the following:

GIS web services allow many operations that take user input, such as queries, edits, feature attachments, and so forth. Esri performs periodic security audits to test its software for vulnerabilities to SQL injection and other forms of attacks that could come through user input. Additionally, service administrators are given options to disable queries, downloads, and uploads for individual services.

In order to reduce the vulnerability of your server, you should follow best practices such as allowing only the minimum necessary privileges to the ArcGIS Server account. Some of these recommendations are outlined in Best practices for configuring a secure environment.