Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Security Issues with ASP.Net

Reply
Thread Tools

Security Issues with ASP.Net

 
 
Sanjay Poojari
Guest
Posts: n/a
 
      07-21-2003
Hi All,

Need some advice on some of the security issues in my ASP.Net application.
There are certain tasks that I need to implement so need advice/guidance on
them as well as safeguards that I should implement. The application would
be typically running on Windows Server 2003 with IIS6 with .Net framework
1.1

1. My application saves its settings to the registry. I know that by
default the Aspnet user does not have rights to edit the registry. My
Workaround is that I changed the user in processmodel from "machine" to
"SYSTEM" in the machine.config file. Also in case of 2003 Server, I have to
explicitly grant full rights to the aspnet user to the registry.

Somehow I feel that this solution is not a good one and has the potential
for making the web server unsafe. Any other solutions/workarounds for this
problem?

2. My application needs to read/write/create directories from the file
system on the webserver. I have to explicitly grant the aspnet user full
access to the directories in question. Any other elegant solution to this
issue?

Also, in Windows Server 2003, this does not work if the directory is located
inside the "Program Files" directory. Does not work even when the aspnet
user is added to the Administrators group. Why could this be happening?

Any suggestions/pointers would be appreciated.

Thanks in advance,
Sanjay


 
Reply With Quote
 
 
 
 
Kevin Spencer
Guest
Posts: n/a
 
      07-21-2003
Most executable programs you run use the local System account to run.
ASP.Net is no different. There is no Security risk unless some hostile
person can somehow take control of your ASP.Net app. The aspnet user account
is more useful if you are, for example, a hosting service, and of course,
you don't want to grant blanket access to the entire machine to all of your
hosting clients.
--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
http://www.takempis.com
Big things are made up of
lots of little things.

"Sanjay Poojari" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi All,
>
> Need some advice on some of the security issues in my ASP.Net application.
> There are certain tasks that I need to implement so need advice/guidance

on
> them as well as safeguards that I should implement. The application would
> be typically running on Windows Server 2003 with IIS6 with .Net framework
> 1.1
>
> 1. My application saves its settings to the registry. I know that by
> default the Aspnet user does not have rights to edit the registry. My
> Workaround is that I changed the user in processmodel from "machine" to
> "SYSTEM" in the machine.config file. Also in case of 2003 Server, I have

to
> explicitly grant full rights to the aspnet user to the registry.
>
> Somehow I feel that this solution is not a good one and has the potential
> for making the web server unsafe. Any other solutions/workarounds for

this
> problem?
>
> 2. My application needs to read/write/create directories from the file
> system on the webserver. I have to explicitly grant the aspnet user full
> access to the directories in question. Any other elegant solution to this
> issue?
>
> Also, in Windows Server 2003, this does not work if the directory is

located
> inside the "Program Files" directory. Does not work even when the aspnet
> user is added to the Administrators group. Why could this be happening?
>
> Any suggestions/pointers would be appreciated.
>
> Thanks in advance,
> Sanjay
>
>



 
Reply With Quote
 
 
 
 
Sanjay Poojari
Guest
Posts: n/a
 
      07-21-2003
Thanks Kevin!

Sanjay

"Kevin Spencer" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> Most executable programs you run use the local System account to run.
> ASP.Net is no different. There is no Security risk unless some hostile



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows XP Pro clean install issues, SP2 issues too... Howie Computer Support 0 07-06-2005 07:12 PM
Re: Windows XP Pro clean install issues, SP2 issues too... pcbutts1 Computer Support 0 07-06-2005 04:58 PM
Re: Windows XP Pro clean install issues, SP2 issues too... pcbutts1 Computer Support 0 07-06-2005 04:52 PM
SNMP Issues in Cisco Routers; Vulnerability Issues in TCP =?iso-8859-1?Q?Frisbee=AE?= MCSE 0 04-21-2004 03:00 PM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments