Restricting ASPNET ACLs without breaking ASPNET (newbie-ish)

Discussion in 'ASP .Net Security' started by Brian Schuth, Sep 8, 2003.

  1. Brian Schuth

    Brian Schuth Guest

    Scenario: We have a library with objects that host JScript for the execution
    of complex validation code. This library is being called by an ASP.NET
    application. The ASP.NET process has the USERS role, which means either
    malicious or stupid systems developers could write a script that (for
    example) instantiates a FileSystemObject, and wipes out huge tracts of hard
    disk. To make things worse, there is a legitimate use for the FSO object,
    but only in a single directory.

    My first blush thought for solving this security ugliness is to give
    read-only access to ASPNET to all files, with the exception of the one
    directory where it is permitted to cause trouble. My questions are:

    * Is this the best way to go about this (Windows Authentication is not an
    option for me; neither is junking the JScript hosting)?
    * I assume ASPNET needs writing privileges somewhere to get its work done;
    is it fairly easy to figure out where this is (I didn't find anything
    obvious on MSDN, but I may be getting sloppy...)? Or can I really get away
    with just giving ASPNET Read (and Execute) rights only from the disk root,
    and then giving Write privileges only where I want it? I'd just go ahead
    and try this, but I hate to do mass ACL changes without at least asking
    someone who knows better than I about it...

    Thanks.

    Brian Schuth

    Eastport, ME
     
    Brian Schuth, Sep 8, 2003
    #1
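
One way to see where the account can currently write before any mass ACL change is made, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later; `C:\App\Scratch` is a hypothetical stand-in for the single permitted directory, and the identity list assumes the local `ASPNET` account plus the groups its token includes.

```powershell
# Added example: list directories under $Root where the ASP.NET worker account,
# or a group its token includes, is explicitly granted write-type rights.
# Read-only audit: it calls Get-Acl only and changes nothing.
param(
    [string]   $Root = 'C:\',                          # assumption: volume to audit
    [string]   $AllowedWritePath = 'C:\App\Scratch',   # hypothetical permitted directory
    [string[]] $Identities = @(
        "$env:COMPUTERNAME\ASPNET",                    # local account named in the post
        'BUILTIN\Users',                               # the "USERS role" from the post
        'Everyone',
        'NT AUTHORITY\Authenticated Users'
    )
)

$fsr = [System.Security.AccessControl.FileSystemRights]
# Rights that let a script create, overwrite, delete or re-permission files.
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                   $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
                   $fsr::TakeOwnership)
# Get-Acl can also surface raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

$allowed = $AllowedWritePath.TrimEnd('\')
$dirs = @(Get-Item -LiteralPath $Root) +
        @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($dir in $dirs) {
    try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
    catch { Write-Warning "ACL unreadable: $($dir.FullName)"; continue }
    foreach ($ace in $acl.Access) {
        # Explicit Allow entries only; inherited ones are reported at their source.
        # Deny entries are not evaluated here.
        if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }
        if ($Identities -notcontains $ace.IdentityReference.Value)   { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0)     { continue }
        $path = $dir.FullName.TrimEnd('\')
        $ok = ($path -ieq $allowed) -or
              $path.StartsWith("$allowed\", [System.StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Path     = $dir.FullName
            Identity = $ace.IdentityReference.Value
            Rights   = $ace.FileSystemRights
            Status   = if ($ok) { 'expected' } else { 'review' }
        }
    }
}
```

Rows marked `review` are write grants outside the permitted directory; comparing the output before and after an ACL change shows exactly which grants the change removed.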