J
Jeff Robichaud
Are there any security issues having the ASPNET user account member of
Administrators ? Is it a good practice ?
Administrators ? Is it a good practice ?
ASPNet account is a default account, similar to Anonymous account, thatJeff Robichaud said:Are there any security issues having the ASPNET user account member of
Administrators ? Is it a good practice ?
The principle of least privilege. Where did you find that?
http://c2.com/cgi/wiki?PrincipleOfLeastPrivilege
If it were always a bad idea to run ASP.Net under the System account,
Microsoft wouldn't have bothered to make that option available. Making
the ASP.Net account a Network Admin has much the same effect. I agree,
he's painting with a broad brush, but the objective is to prevent
spills, not to paint with the smallest brush possible.
Hi Matt,
First, let me point out that the article referenced was written by 2
consultants, who run their own business. IOW, it is not authoritative.
That being said, I found the article to be pretty solid. Still, the term is
their own, not anything standard.
I copied this from the page you referenced:
"But keep in mind that POLA is a principle of security design, not a hard
and fast rule that must be adhered to at all times, no matter what the cost.
If you don't understand what that means then see ThreeLevelsOfAudience,
because POLA is for a level 2 audience."
IOW, to quote another brilliant programming philosopher:
"...he's painting with a broad brush, but the objective is to prevent
spills, not to paint with the smallest brush possible."
years (that was the last time I visited Redmond and attended some of their
.NET classes), and probably for longer than that.
Absolutely! And many other companies have been preaching it also, many
of them were talking about it over a decade ago. I heard about it from
Sun in the early 90's.
By the way, if you use a broad brush you're more likely to get paint
where it doesn't belong.
Eric
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.