J
Jeff Robichaud
Are there any security issues having the ASPNET user account member of
Administrators ? Is it a good practice ?
Administrators ? Is it a good practice ?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
K
Kevin Spencer
If you own the server, and you're not running anyone else's ASP.Net apps
with it, sure, it won't hurt.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
with it, sure, it won't hurt.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
M
Matt Berther
Hello Kevin,
So much for the principle of least privilege...
Jeff: What problems are you encountering that you feel that this is necessary?
So much for the principle of least privilege...
Jeff: What problems are you encountering that you feel that this is necessary?
W
WJ
ASPNet account is a default account, similar to Anonymous account, thatJeff Robichaud said:Are there any security issues having the ASPNET user account member of
Administrators ? Is it a good practice ?
IIS-5 uses when a particular web site is configured as "anonymous". The
default state is very "least privilege". With Admin membership, it is too
high and risky. I would take Admin privilege away from ASPNET.
John
K
Kevin Spencer
So much for the principle of least privilege...
The principle of least privilege. Where did you find that?
I believe in principles. In general, where security is the issue, the
principle is, use the security that you need. For example, my company owns
their own servers and doesn't host. We run ASP.Net under the System account.
Now, if you have a problem with that, you might want to rethink whether
almost all of your local machine appplications should run under the System
account (they do).
Microsoft ships all of their software locked down to prevent support calls
and complaints from security issues. In other words, if you open it, you're
responsible for it. That doesn't mean that on every computer every security
setting should be locked down tight. Nothing would run. It means that
security should be configured with full knowledge of the issues involved.
If it were always a bad idea to run ASP.Net under the System account,
Microsoft wouldn't have bothered to make that option available. Making the
ASP.Net account a Network Admin has much the same effect. I agree, he's
painting with a broad brush, but the objective is to prevent spills, not to
paint with the smallest brush possible.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
The principle of least privilege. Where did you find that?
I believe in principles. In general, where security is the issue, the
principle is, use the security that you need. For example, my company owns
their own servers and doesn't host. We run ASP.Net under the System account.
Now, if you have a problem with that, you might want to rethink whether
almost all of your local machine appplications should run under the System
account (they do).
Microsoft ships all of their software locked down to prevent support calls
and complaints from security issues. In other words, if you open it, you're
responsible for it. That doesn't mean that on every computer every security
setting should be locked down tight. Nothing would run. It means that
security should be configured with full knowledge of the issues involved.
If it were always a bad idea to run ASP.Net under the System account,
Microsoft wouldn't have bothered to make that option available. Making the
ASP.Net account a Network Admin has much the same effect. I agree, he's
painting with a broad brush, but the objective is to prevent spills, not to
paint with the smallest brush possible.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
J
Jeff Robichaud
Here's the short story: I'm a consultant, and in my current contract I've
seen a server having ASPNET an Administrator. I felt it was risky but not
knowing exactly why. Investigation led me learn that the reason for this is
that some exception handling mechanism has to write to the Event Log, and
the first time it does, it has to write a key in the registry, thus it has
to have admin rights (well in fact I think the key should be created using a
Installation program or by hand, not the first time the app crashes). So in
our developement environment here we did not bother removing the ASPNET
account from Administrators. But in the final production environment I just
wanted to know what security issues could be involved in being set up this
way. So basically my question was : "In saying that having the ASPNET
account member of Administrators might be risky, can someone define the word
'risky' in this context ? What evil can happen ?"
seen a server having ASPNET an Administrator. I felt it was risky but not
knowing exactly why. Investigation led me learn that the reason for this is
that some exception handling mechanism has to write to the Event Log, and
the first time it does, it has to write a key in the registry, thus it has
to have admin rights (well in fact I think the key should be created using a
Installation program or by hand, not the first time the app crashes). So in
our developement environment here we did not bother removing the ASPNET
account from Administrators. But in the final production environment I just
wanted to know what security issues could be involved in being set up this
way. So basically my question was : "In saying that having the ASPNET
account member of Administrators might be risky, can someone define the word
'risky' in this context ? What evil can happen ?"
M
Matt Berther
Hello Kevin,
I agree, to a point. Typically people try to cover up the root problem by
throwing more permissions at it. I wrote a post about this early last year
(http://www.mattberther.com/2004/04/000463.html).
The principle of least privilege. Where did you find that?
http://c2.com/cgi/wiki?PrincipleOfLeastPrivilege
If it were always a bad idea to run ASP.Net under the System account,
Microsoft wouldn't have bothered to make that option available. Making
the ASP.Net account a Network Admin has much the same effect. I agree,
he's painting with a broad brush, but the objective is to prevent
spills, not to paint with the smallest brush possible.
I agree, to a point. Typically people try to cover up the root problem by
throwing more permissions at it. I wrote a post about this early last year
(http://www.mattberther.com/2004/04/000463.html).
K
Kevin Spencer
Hi Matt,
First, let me point out that the article referenced was written by 2
consultants, who run their own business. IOW, it is not authoritative.
That being said, I found the article to be pretty solid. Still, the term is
their own, not anything standard.
I copied this from the page you referenced:
"But keep in mind that POLA is a principle of security design, not a hard
and fast rule that must be adhered to at all times, no matter what the cost.
If you don't understand what that means then see ThreeLevelsOfAudience,
because POLA is for a level 2 audience."
IOW, to quote another brilliant programming philosopher:
"...he's painting with a broad brush, but the objective is to prevent
spills, not to paint with the smallest brush possible."
--
;-),
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
First, let me point out that the article referenced was written by 2
consultants, who run their own business. IOW, it is not authoritative.
That being said, I found the article to be pretty solid. Still, the term is
their own, not anything standard.
I copied this from the page you referenced:
"But keep in mind that POLA is a principle of security design, not a hard
and fast rule that must be adhered to at all times, no matter what the cost.
If you don't understand what that means then see ThreeLevelsOfAudience,
because POLA is for a level 2 audience."
IOW, to quote another brilliant programming philosopher:
"...he's painting with a broad brush, but the objective is to prevent
spills, not to paint with the smallest brush possible."
--
;-),
Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.
M
Matt Berther
Hello Jeff,
I would tend to agree with Kevin, but will also stand by my point of fixing
this problem by moving the logic of creating the EventLog to an installer
(as you are thinking). The root cause of this problem can be solved without
granting elevated privileges to the ASPNET account.
I would tend to agree with Kevin, but will also stand by my point of fixing
this problem by moving the logic of creating the EventLog to an installer
(as you are thinking). The root cause of this problem can be solved without
granting elevated privileges to the ASPNET account.
I
IPGrunt
Hi Matt,
First, let me point out that the article referenced was written by 2
consultants, who run their own business. IOW, it is not authoritative.
That being said, I found the article to be pretty solid. Still, the term is
their own, not anything standard.
I copied this from the page you referenced:
"But keep in mind that POLA is a principle of security design, not a hard
and fast rule that must be adhered to at all times, no matter what the cost.
If you don't understand what that means then see ThreeLevelsOfAudience,
because POLA is for a level 2 audience."
IOW, to quote another brilliant programming philosopher:
"...he's painting with a broad brush, but the objective is to prevent
spills, not to paint with the smallest brush possible."
Just to butt in...
Microsoft has been preaching the principle of least privilege for at least 3
years (that was the last time I visited Redmond and attended some of their
..NET classes), and probably for longer than that.
-- ipgrunt
E
Eric
Microsoft has been preaching the principle of least privilege for at least 3
Absolutely! And many other companies have been preaching it also, many
of them were talking about it over a decade ago. I heard about it from
Sun in the early 90's.
By the way, if you use a broad brush you're more likely to get paint
where it doesn't belong.
Eric
years (that was the last time I visited Redmond and attended some of their
.NET classes), and probably for longer than that.
Absolutely! And many other companies have been preaching it also, many
of them were talking about it over a decade ago. I heard about it from
Sun in the early 90's.
By the way, if you use a broad brush you're more likely to get paint
where it doesn't belong.
Eric
I
IPGrunt
Absolutely! And many other companies have been preaching it also, many
of them were talking about it over a decade ago. I heard about it from
Sun in the early 90's.
By the way, if you use a broad brush you're more likely to get paint
where it doesn't belong.
Eric
Good point, Eric. Thanks for your input.
-- ipgrunt
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
Similar Threads
Forum statistics
Latest Threads
-
Reverse search for a website
- Started by DRCM
-
What are the key advantages of using a SaaS (Software as a Service) model for application development?
- Started by remotedevelopers
-
How to build a database-driven web page
- Started by av3mar1a153
-
Hola
- Started by luuciefer
-
Using a DTSX file with GoDaddy
- Started by IBMJunkman
-
Hello Everyone
- Started by welly
-
Problem with code
- Started by camilin05