Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
ASPNET Security best practices
Message
General information
Forum:
ASP.NET
Category:
Other
Title:
Re: ASPNET Security best practices
Miscellaneous
Thread ID:
00757129
Message ID:
00759693
Views:
24
>Hi-ya Cathi!!!!
>
>Ya, that's what I'm hoping. We'll see tomorrow when I get in touch with the guy who's supposed to be installing it. Also I was thinking for an internal website (intranet only), would it be *really* bad to grant access to the SYSTEM account? I say yes, but....

That really depends. Remember that IIS to date has always been running with System account rights behind the scenes so any ISAPI and even ASP pages can gain access to this.

The SYSTEM issue IMHO, is overrated because it is a problem only if your server is already hacked and somebody can get in there to run code. Especially on Co-lo boxes where you app is the only one running (IOW, not snooping on other apps <g>).

I find that running with default ASPNET security to be problematic in many cases. While it probably works OK for most apps, it's a problem for many admin type tasks where you do need free roam of the OS in many cases. Most app backends needs this type of functionality...


+++ Rick ---
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
Previous
Reply
Map
View

Click here to load this message in the networking platform