Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Shared Hosting

Reply
Thread Tools

Shared Hosting

 
 
Mike Parris
Guest
Posts: n/a
 
      12-06-2005
How secure is the .net framework in a shared hosting enviroment?

I am discussing running a .net application with a hosting company and they
are reluctant to allow the aspnet user account write access to a folder
within my site. They are saying that this is insecure. I believe that they
are wrong but would like a more informed opinion.

Is it possible for one site to access files from another site using .net?

Is there a better way of allowing an application to write to a folder than
giving the aspnet user write access?
 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      12-06-2005
Hello Mike,

if the account has the needed ACLs - yes of course - this is possible

give that a try:

can you programmatically read from:
C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files

this is where ASP.NET compiles the page assemblies to and copies all other
needed assemblies

if you can read from this directory you can compromise every ASP.NET app
on the server

The only effective way of isolation applications is to use partial trust.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> How secure is the .net framework in a shared hosting enviroment?
>
> I am discussing running a .net application with a hosting company and
> they are reluctant to allow the aspnet user account write access to a
> folder within my site. They are saying that this is insecure. I
> believe that they are wrong but would like a more informed opinion.
>
> Is it possible for one site to access files from another site using
> .net?
>
> Is there a better way of allowing an application to write to a folder
> than giving the aspnet user write access?
>



 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      12-06-2005
The other thing that is interesting is that the OP mentions the use of the
ASPNET account. That would seem to indicate that they are using Windows
2000 instead of 2003. That seems like a questionable thing to be doing for
a professional hosting company.

If they were using 2003, they could put the application in its own app pool
and set that up to run with a specific identity easily. The app would be
isolated from the other apps on the server at the process level.

That approach seems to make much more sense to me.

Joe K.

"Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed). com...
> Hello Mike,
>
> if the account has the needed ACLs - yes of course - this is possible
>
> give that a try:
>
> can you programmatically read from:
> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
>
> this is where ASP.NET compiles the page assemblies to and copies all other
> needed assemblies
>
> if you can read from this directory you can compromise every ASP.NET app
> on the server
>
> The only effective way of isolation applications is to use partial trust.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> How secure is the .net framework in a shared hosting enviroment?
>>
>> I am discussing running a .net application with a hosting company and
>> they are reluctant to allow the aspnet user account write access to a
>> folder within my site. They are saying that this is insecure. I
>> believe that they are wrong but would like a more informed opinion.
>>
>> Is it possible for one site to access files from another site using
>> .net?
>>
>> Is there a better way of allowing an application to write to a folder
>> than giving the aspnet user write access?
>>

>
>



 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      12-06-2005
Hello Joe,

still you would have trouble isolating the temp asp.net folder...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> The other thing that is interesting is that the OP mentions the use of
> the ASPNET account. That would seem to indicate that they are using
> Windows 2000 instead of 2003. That seems like a questionable thing to
> be doing for a professional hosting company.
>
> If they were using 2003, they could put the application in its own app
> pool and set that up to run with a specific identity easily. The app
> would be isolated from the other apps on the server at the process
> level.
>
> That approach seems to make much more sense to me.
>
> Joe K.
>
> "Dominick Baier [DevelopMentor]"
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed). com...
>
>> Hello Mike,
>>
>> if the account has the needed ACLs - yes of course - this is possible
>>
>> give that a try:
>>
>> can you programmatically read from:
>> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
>> this is where ASP.NET compiles the page assemblies to and copies all
>> other needed assemblies
>>
>> if you can read from this directory you can compromise every ASP.NET
>> app on the server
>>
>> The only effective way of isolation applications is to use partial
>> trust.
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> How secure is the .net framework in a shared hosting enviroment?
>>>
>>> I am discussing running a .net application with a hosting company
>>> and they are reluctant to allow the aspnet user account write access
>>> to a folder within my site. They are saying that this is insecure. I
>>> believe that they are wrong but would like a more informed opinion.
>>>
>>> Is it possible for one site to access files from another site using
>>> .net?
>>>
>>> Is there a better way of allowing an application to write to a
>>> folder than giving the aspnet user write access?
>>>



 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      12-06-2005
Can you explain how the temp asp.net folder here is a problem?

My understanding was that it is used for storage of compiled pages and such.

If he just wants to have a specific folder within his own site set for read
access to his app pool, would it not be possible to restrict that with an
ACL that only allowed his particular app pool identity and disallowed the
other IIS_WPG accounts?

I don't have a great understanding of how the temp asp.net folder works
though, so I'd like to understand that better.

Thanks!

Joe

"Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed). com...
> Hello Joe,
>
> still you would have trouble isolating the temp asp.net folder...
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>



 
Reply With Quote
 
Mike Parris
Guest
Posts: n/a
 
      12-06-2005
Thanks Joe. This helps.

Just to clarify a point. The reference to the ASPNET user was from me. I
develop on Win 2000 so I forgot to include the NETWORK SERVICE user in my
description. In fact I believe they are using Win 2003.

I think it fair to say that security would be better for a .net site than
for their current other asp sites.

Mike

"Joe Kaplan (MVP - ADSI)" wrote:

> The other thing that is interesting is that the OP mentions the use of the
> ASPNET account. That would seem to indicate that they are using Windows
> 2000 instead of 2003. That seems like a questionable thing to be doing for
> a professional hosting company.
>
> If they were using 2003, they could put the application in its own app pool
> and set that up to run with a specific identity easily. The app would be
> isolated from the other apps on the server at the process level.
>
> That approach seems to make much more sense to me.
>
> Joe K.
>
> "Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
> wrote in message news:(E-Mail Removed). com...
> > Hello Mike,
> >
> > if the account has the needed ACLs - yes of course - this is possible
> >
> > give that a try:
> >
> > can you programmatically read from:
> > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
> >
> > this is where ASP.NET compiles the page assemblies to and copies all other
> > needed assemblies
> >
> > if you can read from this directory you can compromise every ASP.NET app
> > on the server
> >
> > The only effective way of isolation applications is to use partial trust.
> >
> > ---------------------------------------
> > Dominick Baier - DevelopMentor
> > http://www.leastprivilege.com
> >
> >> How secure is the .net framework in a shared hosting enviroment?
> >>
> >> I am discussing running a .net application with a hosting company and
> >> they are reluctant to allow the aspnet user account write access to a
> >> folder within my site. They are saying that this is insecure. I
> >> believe that they are wrong but would like a more informed opinion.
> >>
> >> Is it possible for one site to access files from another site using
> >> .net?
> >>
> >> Is there a better way of allowing an application to write to a folder
> >> than giving the aspnet user write access?
> >>

> >
> >

>
>
>

 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      12-07-2005
Security certainly can't be any worse with a .NET app than with an ASP app
that uses the same deployment model. .NET doesn't elevate privileges or
anything like that.

If they are using 2003, then they could potentially create a separate app
pool for your app (which is a good idea in general from a hosting
perspective). If they did that, they could run your app pool under its own
identity in order to help keep the apps isolated.

Based on what I think Dominick was getting at, I don't think this solves the
problem of access to the temp asp.net files directory, but from what I
understand, it should allow your scenario securely.

I could definitely be wrong though, so we'll see what D. has to say when he
gets up tomorrow.

Joe K.

"Mike Parris" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Joe. This helps.
>
> Just to clarify a point. The reference to the ASPNET user was from me. I
> develop on Win 2000 so I forgot to include the NETWORK SERVICE user in my
> description. In fact I believe they are using Win 2003.
>
> I think it fair to say that security would be better for a .net site than
> for their current other asp sites.
>
> Mike
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> The other thing that is interesting is that the OP mentions the use of
>> the
>> ASPNET account. That would seem to indicate that they are using Windows
>> 2000 instead of 2003. That seems like a questionable thing to be doing
>> for
>> a professional hosting company.
>>
>> If they were using 2003, they could put the application in its own app
>> pool
>> and set that up to run with a specific identity easily. The app would be
>> isolated from the other apps on the server at the process level.
>>
>> That approach seems to make much more sense to me.
>>
>> Joe K.
>>
>> "Dominick Baier [DevelopMentor]" <(E-Mail Removed)>
>> wrote in message news:(E-Mail Removed). com...
>> > Hello Mike,
>> >
>> > if the account has the needed ACLs - yes of course - this is possible
>> >
>> > give that a try:
>> >
>> > can you programmatically read from:
>> > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
>> >
>> > this is where ASP.NET compiles the page assemblies to and copies all
>> > other
>> > needed assemblies
>> >
>> > if you can read from this directory you can compromise every ASP.NET
>> > app
>> > on the server
>> >
>> > The only effective way of isolation applications is to use partial
>> > trust.
>> >
>> > ---------------------------------------
>> > Dominick Baier - DevelopMentor
>> > http://www.leastprivilege.com
>> >
>> >> How secure is the .net framework in a shared hosting enviroment?
>> >>
>> >> I am discussing running a .net application with a hosting company and
>> >> they are reluctant to allow the aspnet user account write access to a
>> >> folder within my site. They are saying that this is insecure. I
>> >> believe that they are wrong but would like a more informed opinion.
>> >>
>> >> Is it possible for one site to access files from another site using
>> >> .net?
>> >>
>> >> Is there a better way of allowing an application to write to a folder
>> >> than giving the aspnet user write access?
>> >>
>> >
>> >

>>
>>
>>



 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      12-07-2005
Hello Joe,

ok

in general it is dangerous to give the WP write access to the web directory.

think of this scenario: you somehow manage to pipe data in that directory
- e.g. text with an .aspx extension - afterwards one can execute the file
over the browser..

so in a shared hosting environment i can understand that the ISP sees security
implications - it would better to have a writable dir outside of the web
root.

this all is only possible if the ISP has separate appPools for the app -
which they normally don't do - because a lot of WPs suck memory and cpu out
of the web server..

but still then it is hard to really isolate apps on a web server - the temp
directory is just an example that came to my mind which is often overlooked
by ISPs -

usually IIS_WPG has modify on the whole directory tree...this was not really
related to the question but i thought i throw it in but this allows to
download the compiled assemblies of other apps on the server - so much for
isolation...

in general the only way to effectively isolate apps in a shared environmen
in partial trust - if PT is in place i would have no problems opening up
directories for a customer - assuming the ISP understands policy....

hope that clarifies it a bit...

a POC for the temp dir problem:

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Configuration" %>
<%@ Import Namespace="System.IO" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
protected string tempDirectory
{
// get the location of the temp directories, if not specifically

// configured, take the default location
get
{
CompilationSection comp = (CompilationSection)
WebConfigurationManager.GetWebApplicationSection
("system.web/compilation");

if (!string.IsNullOrEmpty(comp.TempDirectory))
return comp.TempDirectory;
else
return Path.Combine
(HttpRuntime.AspInstallDirectory, "Temporary ASP.NET
Files");
}
}

// traverse sub-folders
protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs e)
{
string path = e.Node.Value;
foreach (string directory in Directory.GetDirectories(path))
{
string name = Path.GetFileName(directory);
TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name);
n.PopulateOnDemand = true;
e.Node.ChildNodes.Add(n);
}
}

protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
TreeNode node = new TreeNode("temp dir", tempDirectory);
node.PopulateOnDemand = true;
_treeView.Nodes.Add(node);
}
}

protected void _treeView_SelectedNodeChanged(object sender, EventArgs e)
{
_lstFiles.Items.Clear();
foreach (string f in Directory.GetFiles(_treeView.SelectedNode.Value))
{
_lstFiles.Items.Add(f);
}
}

// download the selected file
protected void _btnDownload_Click(object sender, EventArgs e)
{
Response.AddHeader("Content-Type", "binary/octet-stream");
Response.AddHeader(
"Content-Disposition", string.Format("attachment; filename={0}",
Path.GetFileName(_lstFiles.SelectedValue)));

Response.WriteFile(_lstFiles.SelectedValue);
Response.End();
}
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Download Assemblies of other Applications</title>
</head>
<body>
<form id="form1" runat="server">
<div>
ASP.NET Temp Directory;
<asp:TreeView ExpandDepth="0" runat="server" ID="_treeView"
OnTreeNodePopulate="_treeView_OnPopulate"
OnSelectedNodeChanged="_treeView_SelectedNodeChang ed" />
<br />
Files:
<br />
<asp:ListBox runat="server" ID="_lstFiles" Height="150px" />
<br />
<asp:Button runat="server" ID="_btnDownload" Text="Download"
OnClick="_btnDownload_Click" />
</div>
</form>
</body>
</html>


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Security certainly can't be any worse with a .NET app than with an ASP
> app that uses the same deployment model. .NET doesn't elevate
> privileges or anything like that.
>
> If they are using 2003, then they could potentially create a separate
> app pool for your app (which is a good idea in general from a hosting
> perspective). If they did that, they could run your app pool under
> its own identity in order to help keep the apps isolated.
>
> Based on what I think Dominick was getting at, I don't think this
> solves the problem of access to the temp asp.net files directory, but
> from what I understand, it should allow your scenario securely.
>
> I could definitely be wrong though, so we'll see what D. has to say
> when he gets up tomorrow.
>
> Joe K.
>
> "Mike Parris" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>> Thanks Joe. This helps.
>>
>> Just to clarify a point. The reference to the ASPNET user was from
>> me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE
>> user in my description. In fact I believe they are using Win 2003.
>>
>> I think it fair to say that security would be better for a .net site
>> than for their current other asp sites.
>>
>> Mike
>>
>> "Joe Kaplan (MVP - ADSI)" wrote:
>>
>>> The other thing that is interesting is that the OP mentions the use
>>> of
>>> the
>>> ASPNET account. That would seem to indicate that they are using
>>> Windows
>>> 2000 instead of 2003. That seems like a questionable thing to be
>>> doing
>>> for
>>> a professional hosting company.
>>> If they were using 2003, they could put the application in its own
>>> app
>>> pool
>>> and set that up to run with a specific identity easily. The app
>>> would be
>>> isolated from the other apps on the server at the process level.
>>> That approach seems to make much more sense to me.
>>>
>>> Joe K.
>>>
>>> "Dominick Baier [DevelopMentor]"
>>> <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed). com...
>>>
>>>> Hello Mike,
>>>>
>>>> if the account has the needed ACLs - yes of course - this is
>>>> possible
>>>>
>>>> give that a try:
>>>>
>>>> can you programmatically read from:
>>>> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
>>>> this is where ASP.NET compiles the page assemblies to and copies
>>>> all
>>>> other
>>>> needed assemblies
>>>> if you can read from this directory you can compromise every
>>>> ASP.NET
>>>> app
>>>> on the server
>>>> The only effective way of isolation applications is to use partial
>>>> trust.
>>>>
>>>> ---------------------------------------
>>>> Dominick Baier - DevelopMentor
>>>> http://www.leastprivilege.com
>>>>> How secure is the .net framework in a shared hosting enviroment?
>>>>>
>>>>> I am discussing running a .net application with a hosting company
>>>>> and they are reluctant to allow the aspnet user account write
>>>>> access to a folder within my site. They are saying that this is
>>>>> insecure. I believe that they are wrong but would like a more
>>>>> informed opinion.
>>>>>
>>>>> Is it possible for one site to access files from another site
>>>>> using .net?
>>>>>
>>>>> Is there a better way of allowing an application to write to a
>>>>> folder than giving the aspnet user write access?
>>>>>



 
Reply With Quote
 
Mike Parris
Guest
Posts: n/a
 
      12-07-2005
Thanks Dominick and Joe

Your replies have cetainly improved my understanding of the subject and I am
sure will be useful in the future.

My client's Hosting company have however told me to go away, or words to
that effect, but not so nicely put. So I will have to create a solution for
my client that does not require .net at the server end.



"Dominick Baier [DevelopMentor]" wrote:

> Hello Joe,
>
> ok
>
> in general it is dangerous to give the WP write access to the web directory.
>
> think of this scenario: you somehow manage to pipe data in that directory
> - e.g. text with an .aspx extension - afterwards one can execute the file
> over the browser..
>
> so in a shared hosting environment i can understand that the ISP sees security
> implications - it would better to have a writable dir outside of the web
> root.
>
> this all is only possible if the ISP has separate appPools for the app -
> which they normally don't do - because a lot of WPs suck memory and cpu out
> of the web server..
>
> but still then it is hard to really isolate apps on a web server - the temp
> directory is just an example that came to my mind which is often overlooked
> by ISPs -
>
> usually IIS_WPG has modify on the whole directory tree...this was not really
> related to the question but i thought i throw it in but this allows to
> download the compiled assemblies of other apps on the server - so much for
> isolation...
>
> in general the only way to effectively isolate apps in a shared environmen
> in partial trust - if PT is in place i would have no problems opening up
> directories for a customer - assuming the ISP understands policy....
>
> hope that clarifies it a bit...
>
> a POC for the temp dir problem:
>
> <%@ Page Language="C#" %>
> <%@ Import Namespace="System.Web.Configuration" %>
> <%@ Import Namespace="System.IO" %>
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>
> <script runat="server">
> protected string tempDirectory
> {
> // get the location of the temp directories, if not specifically
>
> // configured, take the default location
> get
> {
> CompilationSection comp = (CompilationSection)
> WebConfigurationManager.GetWebApplicationSection
> ("system.web/compilation");
>
> if (!string.IsNullOrEmpty(comp.TempDirectory))
> return comp.TempDirectory;
> else
> return Path.Combine
> (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET
> Files");
> }
> }
>
> // traverse sub-folders
> protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs e)
> {
> string path = e.Node.Value;
> foreach (string directory in Directory.GetDirectories(path))
> {
> string name = Path.GetFileName(directory);
> TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name);
> n.PopulateOnDemand = true;
> e.Node.ChildNodes.Add(n);
> }
> }
>
> protected void Page_Load(object sender, EventArgs e)
> {
> if (!IsPostBack)
> {
> TreeNode node = new TreeNode("temp dir", tempDirectory);
> node.PopulateOnDemand = true;
> _treeView.Nodes.Add(node);
> }
> }
>
> protected void _treeView_SelectedNodeChanged(object sender, EventArgs e)
> {
> _lstFiles.Items.Clear();
> foreach (string f in Directory.GetFiles(_treeView.SelectedNode.Value))
> {
> _lstFiles.Items.Add(f);
> }
> }
>
> // download the selected file
> protected void _btnDownload_Click(object sender, EventArgs e)
> {
> Response.AddHeader("Content-Type", "binary/octet-stream");
> Response.AddHeader(
> "Content-Disposition", string.Format("attachment; filename={0}",
> Path.GetFileName(_lstFiles.SelectedValue)));
>
> Response.WriteFile(_lstFiles.SelectedValue);
> Response.End();
> }
> </script>
>
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head runat="server">
> <title>Download Assemblies of other Applications</title>
> </head>
> <body>
> <form id="form1" runat="server">
> <div>
> ASP.NET Temp Directory;
> <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView"
> OnTreeNodePopulate="_treeView_OnPopulate"
> OnSelectedNodeChanged="_treeView_SelectedNodeChang ed" />
> <br />
> Files:
> <br />
> <asp:ListBox runat="server" ID="_lstFiles" Height="150px" />
> <br />
> <asp:Button runat="server" ID="_btnDownload" Text="Download"
> OnClick="_btnDownload_Click" />
> </div>
> </form>
> </body>
> </html>
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Security certainly can't be any worse with a .NET app than with an ASP
> > app that uses the same deployment model. .NET doesn't elevate
> > privileges or anything like that.
> >
> > If they are using 2003, then they could potentially create a separate
> > app pool for your app (which is a good idea in general from a hosting
> > perspective). If they did that, they could run your app pool under
> > its own identity in order to help keep the apps isolated.
> >
> > Based on what I think Dominick was getting at, I don't think this
> > solves the problem of access to the temp asp.net files directory, but
> > from what I understand, it should allow your scenario securely.
> >
> > I could definitely be wrong though, so we'll see what D. has to say
> > when he gets up tomorrow.
> >
> > Joe K.
> >
> > "Mike Parris" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >
> >> Thanks Joe. This helps.
> >>
> >> Just to clarify a point. The reference to the ASPNET user was from
> >> me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE
> >> user in my description. In fact I believe they are using Win 2003.
> >>
> >> I think it fair to say that security would be better for a .net site
> >> than for their current other asp sites.
> >>
> >> Mike
> >>
> >> "Joe Kaplan (MVP - ADSI)" wrote:
> >>
> >>> The other thing that is interesting is that the OP mentions the use
> >>> of
> >>> the
> >>> ASPNET account. That would seem to indicate that they are using
> >>> Windows
> >>> 2000 instead of 2003. That seems like a questionable thing to be
> >>> doing
> >>> for
> >>> a professional hosting company.
> >>> If they were using 2003, they could put the application in its own
> >>> app
> >>> pool
> >>> and set that up to run with a specific identity easily. The app
> >>> would be
> >>> isolated from the other apps on the server at the process level.
> >>> That approach seems to make much more sense to me.
> >>>
> >>> Joe K.
> >>>
> >>> "Dominick Baier [DevelopMentor]"
> >>> <(E-Mail Removed)> wrote in message
> >>> news:(E-Mail Removed). com...
> >>>
> >>>> Hello Mike,
> >>>>
> >>>> if the account has the needed ACLs - yes of course - this is
> >>>> possible
> >>>>
> >>>> give that a try:
> >>>>
> >>>> can you programmatically read from:
> >>>> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
> >>>> this is where ASP.NET compiles the page assemblies to and copies
> >>>> all
> >>>> other
> >>>> needed assemblies
> >>>> if you can read from this directory you can compromise every
> >>>> ASP.NET
> >>>> app
> >>>> on the server
> >>>> The only effective way of isolation applications is to use partial
> >>>> trust.
> >>>>
> >>>> ---------------------------------------
> >>>> Dominick Baier - DevelopMentor
> >>>> http://www.leastprivilege.com
> >>>>> How secure is the .net framework in a shared hosting enviroment?
> >>>>>
> >>>>> I am discussing running a .net application with a hosting company
> >>>>> and they are reluctant to allow the aspnet user account write
> >>>>> access to a folder within my site. They are saying that this is
> >>>>> insecure. I believe that they are wrong but would like a more
> >>>>> informed opinion.
> >>>>>
> >>>>> Is it possible for one site to access files from another site
> >>>>> using .net?
> >>>>>
> >>>>> Is there a better way of allowing an application to write to a
> >>>>> folder than giving the aspnet user write access?
> >>>>>

>
>
>

 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      12-08-2005
Hello Mike,

how about using a dedicated server - they are not that much expensive and
you are your own admin??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Thanks Dominick and Joe
>
> Your replies have cetainly improved my understanding of the subject
> and I am sure will be useful in the future.
>
> My client's Hosting company have however told me to go away, or words
> to that effect, but not so nicely put. So I will have to create a
> solution for my client that does not require .net at the server end.
>
> "Dominick Baier [DevelopMentor]" wrote:
>
>> Hello Joe,
>>
>> ok
>>
>> in general it is dangerous to give the WP write access to the web
>> directory.
>>
>> think of this scenario: you somehow manage to pipe data in that
>> directory - e.g. text with an .aspx extension - afterwards one can
>> execute the file over the browser..
>>
>> so in a shared hosting environment i can understand that the ISP sees
>> security implications - it would better to have a writable dir
>> outside of the web root.
>>
>> this all is only possible if the ISP has separate appPools for the
>> app - which they normally don't do - because a lot of WPs suck memory
>> and cpu out of the web server..
>>
>> but still then it is hard to really isolate apps on a web server -
>> the temp directory is just an example that came to my mind which is
>> often overlooked by ISPs -
>>
>> usually IIS_WPG has modify on the whole directory tree...this was not
>> really related to the question but i thought i throw it in but
>> this allows to download the compiled assemblies of other apps on the
>> server - so much for isolation...
>>
>> in general the only way to effectively isolate apps in a shared
>> environmen in partial trust - if PT is in place i would have no
>> problems opening up directories for a customer - assuming the ISP
>> understands policy....
>>
>> hope that clarifies it a bit...
>>
>> a POC for the temp dir problem:
>>
>> <%@ Page Language="C#" %>
>> <%@ Import Namespace="System.Web.Configuration" %>
>> <%@ Import Namespace="System.IO" %>
>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>>
>> <script runat="server">
>> protected string tempDirectory
>> {
>> // get the location of the temp directories, if not specifically
>> // configured, take the default location
>> get
>> {
>> CompilationSection comp = (CompilationSection)
>> WebConfigurationManager.GetWebApplicationSection
>> ("system.web/compilation");
>> if (!string.IsNullOrEmpty(comp.TempDirectory))
>> return comp.TempDirectory;
>> else
>> return Path.Combine
>> (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET
>> Files");
>> }
>> }
>> // traverse sub-folders
>> protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs
>> e)
>> {
>> string path = e.Node.Value;
>> foreach (string directory in Directory.GetDirectories(path))
>> {
>> string name = Path.GetFileName(directory);
>> TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name);
>> n.PopulateOnDemand = true;
>> e.Node.ChildNodes.Add(n);
>> }
>> }
>> protected void Page_Load(object sender, EventArgs e)
>> {
>> if (!IsPostBack)
>> {
>> TreeNode node = new TreeNode("temp dir", tempDirectory);
>> node.PopulateOnDemand = true;
>> _treeView.Nodes.Add(node);
>> }
>> }
>> protected void _treeView_SelectedNodeChanged(object sender, EventArgs
>> e)
>> {
>> _lstFiles.Items.Clear();
>> foreach (string f in
>> Directory.GetFiles(_treeView.SelectedNode.Value))
>> {
>> _lstFiles.Items.Add(f);
>> }
>> }
>> // download the selected file
>> protected void _btnDownload_Click(object sender, EventArgs e)
>> {
>> Response.AddHeader("Content-Type", "binary/octet-stream");
>> Response.AddHeader(
>> "Content-Disposition", string.Format("attachment; filename={0}",
>> Path.GetFileName(_lstFiles.SelectedValue)));
>> Response.WriteFile(_lstFiles.SelectedValue);
>> Response.End();
>> }
>> </script>
>> <html xmlns="http://www.w3.org/1999/xhtml">
>> <head runat="server">
>> <title>Download Assemblies of other Applications</title>
>> </head>
>> <body>
>> <form id="form1" runat="server">
>> <div>
>> ASP.NET Temp Directory;
>> <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView"
>> OnTreeNodePopulate="_treeView_OnPopulate"
>> OnSelectedNodeChanged="_treeView_SelectedNodeChang ed" />
>> <br />
>> Files:
>> <br />
>> <asp:ListBox runat="server" ID="_lstFiles" Height="150px" />
>> <br />
>> <asp:Button runat="server" ID="_btnDownload" Text="Download"
>> OnClick="_btnDownload_Click" />
>> </div>
>> </form>
>> </body>
>> </html>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> Security certainly can't be any worse with a .NET app than with an
>>> ASP app that uses the same deployment model. .NET doesn't elevate
>>> privileges or anything like that.
>>>
>>> If they are using 2003, then they could potentially create a
>>> separate app pool for your app (which is a good idea in general from
>>> a hosting perspective). If they did that, they could run your app
>>> pool under its own identity in order to help keep the apps isolated.
>>>
>>> Based on what I think Dominick was getting at, I don't think this
>>> solves the problem of access to the temp asp.net files directory,
>>> but from what I understand, it should allow your scenario securely.
>>>
>>> I could definitely be wrong though, so we'll see what D. has to say
>>> when he gets up tomorrow.
>>>
>>> Joe K.
>>>
>>> "Mike Parris" <(E-Mail Removed)> wrote in
>>> message news:(E-Mail Removed)...
>>>
>>>> Thanks Joe. This helps.
>>>>
>>>> Just to clarify a point. The reference to the ASPNET user was from
>>>> me. I develop on Win 2000 so I forgot to include the NETWORK
>>>> SERVICE user in my description. In fact I believe they are using
>>>> Win 2003.
>>>>
>>>> I think it fair to say that security would be better for a .net
>>>> site than for their current other asp sites.
>>>>
>>>> Mike
>>>>
>>>> "Joe Kaplan (MVP - ADSI)" wrote:
>>>>
>>>>> The other thing that is interesting is that the OP mentions the
>>>>> use
>>>>> of
>>>>> the
>>>>> ASPNET account. That would seem to indicate that they are using
>>>>> Windows
>>>>> 2000 instead of 2003. That seems like a questionable thing to be
>>>>> doing
>>>>> for
>>>>> a professional hosting company.
>>>>> If they were using 2003, they could put the application in its own
>>>>> app
>>>>> pool
>>>>> and set that up to run with a specific identity easily. The app
>>>>> would be
>>>>> isolated from the other apps on the server at the process level.
>>>>> That approach seems to make much more sense to me.
>>>>> Joe K.
>>>>>
>>>>> "Dominick Baier [DevelopMentor]"
>>>>> <(E-Mail Removed)> wrote in message
>>>>> news:(E-Mail Removed). com...
>>>>>
>>>>>> Hello Mike,
>>>>>>
>>>>>> if the account has the needed ACLs - yes of course - this is
>>>>>> possible
>>>>>>
>>>>>> give that a try:
>>>>>>
>>>>>> can you programmatically read from:
>>>>>> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
>>>>>> this is where ASP.NET compiles the page assemblies to and copies
>>>>>> all
>>>>>> other
>>>>>> needed assemblies
>>>>>> if you can read from this directory you can compromise every
>>>>>> ASP.NET
>>>>>> app
>>>>>> on the server
>>>>>> The only effective way of isolation applications is to use
>>>>>> partial
>>>>>> trust.
>>>>>> ---------------------------------------
>>>>>> Dominick Baier - DevelopMentor
>>>>>> http://www.leastprivilege.com
>>>>>>> How secure is the .net framework in a shared hosting enviroment?
>>>>>>>
>>>>>>> I am discussing running a .net application with a hosting
>>>>>>> company and they are reluctant to allow the aspnet user account
>>>>>>> write access to a folder within my site. They are saying that
>>>>>>> this is insecure. I believe that they are wrong but would like a
>>>>>>> more informed opinion.
>>>>>>>
>>>>>>> Is it possible for one site to access files from another site
>>>>>>> using .net?
>>>>>>>
>>>>>>> Is there a better way of allowing an application to write to a
>>>>>>> folder than giving the aspnet user write access?
>>>>>>>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Web Hosting, Reseller Hosting, and Dedicated Hosting!!!!!! teo1991 Ruby 0 04-02-2009 01:50 PM
Web Hosting, Reseller Hosting, and Dedicated Hosting!!!!!! ufi02 ASP .Net 0 03-27-2009 07:49 PM
Web Hosting - reseller hosting Aravapalli HTML 8 12-21-2007 02:24 PM
ANN: Free Trac/Subversion hosting at Python-Hosting.com Remi Delon Python 0 01-19-2005 06:15 PM
US web hosting or UK web hosting comapnies? Bhoona Computer Support 3 03-04-2004 12:59 AM



Advertisments