Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
ASPNET Security best practices
Message
Information générale
Forum:
ASP.NET
Catégorie:
Autre
Titre:
Re: ASPNET Security best practices
Divers
Thread ID:
00757129
Message ID:
00759693
Vues:
17
>Hi-ya Cathi!!!!
>
>Ya, that's what I'm hoping. We'll see tomorrow when I get in touch with the guy who's supposed to be installing it. Also I was thinking for an internal website (intranet only), would it be *really* bad to grant access to the SYSTEM account? I say yes, but....

That really depends. Remember that IIS to date has always been running with System account rights behind the scenes so any ISAPI and even ASP pages can gain access to this.

The SYSTEM issue IMHO, is overrated because it is a problem only if your server is already hacked and somebody can get in there to run code. Especially on Co-lo boxes where you app is the only one running (IOW, not snooping on other apps <g>).

I find that running with default ASPNET security to be problematic in many cases. While it probably works OK for most apps, it's a problem for many admin type tasks where you do need free roam of the OS in many cases. Most app backends needs this type of functionality...


+++ Rick ---
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
Précédent
Répondre
Fil
Voir

Click here to load this message in the networking platform