Shared Hosting

Discussion in 'ASP .Net Security' started by Mike Parris, Dec 6, 2005.

  1. Mike Parris

    Mike Parris Guest

    How secure is the .net framework in a shared hosting enviroment?

    I am discussing running a .net application with a hosting company and they
    are reluctant to allow the aspnet user account write access to a folder
    within my site. They are saying that this is insecure. I believe that they
    are wrong but would like a more informed opinion.

    Is it possible for one site to access files from another site using .net?

    Is there a better way of allowing an application to write to a folder than
    giving the aspnet user write access?
    Mike Parris, Dec 6, 2005
    #1
    1. Advertising

  2. Hello Mike,

    if the account has the needed ACLs - yes of course - this is possible

    give that a try:

    can you programmatically read from:
    C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files

    this is where ASP.NET compiles the page assemblies to and copies all other
    needed assemblies

    if you can read from this directory you can compromise every ASP.NET app
    on the server

    The only effective way of isolation applications is to use partial trust.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > How secure is the .net framework in a shared hosting enviroment?
    >
    > I am discussing running a .net application with a hosting company and
    > they are reluctant to allow the aspnet user account write access to a
    > folder within my site. They are saying that this is insecure. I
    > believe that they are wrong but would like a more informed opinion.
    >
    > Is it possible for one site to access files from another site using
    > .net?
    >
    > Is there a better way of allowing an application to write to a folder
    > than giving the aspnet user write access?
    >
    Dominick Baier [DevelopMentor], Dec 6, 2005
    #2
    1. Advertising

  3. The other thing that is interesting is that the OP mentions the use of the
    ASPNET account. That would seem to indicate that they are using Windows
    2000 instead of 2003. That seems like a questionable thing to be doing for
    a professional hosting company.

    If they were using 2003, they could put the application in its own app pool
    and set that up to run with a specific identity easily. The app would be
    isolated from the other apps on the server at the process level.

    That approach seems to make much more sense to me.

    Joe K.

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hello Mike,
    >
    > if the account has the needed ACLs - yes of course - this is possible
    >
    > give that a try:
    >
    > can you programmatically read from:
    > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
    >
    > this is where ASP.NET compiles the page assemblies to and copies all other
    > needed assemblies
    >
    > if you can read from this directory you can compromise every ASP.NET app
    > on the server
    >
    > The only effective way of isolation applications is to use partial trust.
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> How secure is the .net framework in a shared hosting enviroment?
    >>
    >> I am discussing running a .net application with a hosting company and
    >> they are reluctant to allow the aspnet user account write access to a
    >> folder within my site. They are saying that this is insecure. I
    >> believe that they are wrong but would like a more informed opinion.
    >>
    >> Is it possible for one site to access files from another site using
    >> .net?
    >>
    >> Is there a better way of allowing an application to write to a folder
    >> than giving the aspnet user write access?
    >>

    >
    >
    Joe Kaplan \(MVP - ADSI\), Dec 6, 2005
    #3
  4. Hello Joe,

    still you would have trouble isolating the temp asp.net folder...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > The other thing that is interesting is that the OP mentions the use of
    > the ASPNET account. That would seem to indicate that they are using
    > Windows 2000 instead of 2003. That seems like a questionable thing to
    > be doing for a professional hosting company.
    >
    > If they were using 2003, they could put the application in its own app
    > pool and set that up to run with a specific identity easily. The app
    > would be isolated from the other apps on the server at the process
    > level.
    >
    > That approach seems to make much more sense to me.
    >
    > Joe K.
    >
    > "Dominick Baier [DevelopMentor]"
    > <> wrote in message
    > news:...
    >
    >> Hello Mike,
    >>
    >> if the account has the needed ACLs - yes of course - this is possible
    >>
    >> give that a try:
    >>
    >> can you programmatically read from:
    >> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
    >> this is where ASP.NET compiles the page assemblies to and copies all
    >> other needed assemblies
    >>
    >> if you can read from this directory you can compromise every ASP.NET
    >> app on the server
    >>
    >> The only effective way of isolation applications is to use partial
    >> trust.
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> How secure is the .net framework in a shared hosting enviroment?
    >>>
    >>> I am discussing running a .net application with a hosting company
    >>> and they are reluctant to allow the aspnet user account write access
    >>> to a folder within my site. They are saying that this is insecure. I
    >>> believe that they are wrong but would like a more informed opinion.
    >>>
    >>> Is it possible for one site to access files from another site using
    >>> .net?
    >>>
    >>> Is there a better way of allowing an application to write to a
    >>> folder than giving the aspnet user write access?
    >>>
    Dominick Baier [DevelopMentor], Dec 6, 2005
    #4
  5. Can you explain how the temp asp.net folder here is a problem?

    My understanding was that it is used for storage of compiled pages and such.

    If he just wants to have a specific folder within his own site set for read
    access to his app pool, would it not be possible to restrict that with an
    ACL that only allowed his particular app pool identity and disallowed the
    other IIS_WPG accounts?

    I don't have a great understanding of how the temp asp.net folder works
    though, so I'd like to understand that better.

    Thanks!

    Joe

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hello Joe,
    >
    > still you would have trouble isolating the temp asp.net folder...
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    Joe Kaplan \(MVP - ADSI\), Dec 6, 2005
    #5
  6. Mike Parris

    Mike Parris Guest

    Thanks Joe. This helps.

    Just to clarify a point. The reference to the ASPNET user was from me. I
    develop on Win 2000 so I forgot to include the NETWORK SERVICE user in my
    description. In fact I believe they are using Win 2003.

    I think it fair to say that security would be better for a .net site than
    for their current other asp sites.

    Mike

    "Joe Kaplan (MVP - ADSI)" wrote:

    > The other thing that is interesting is that the OP mentions the use of the
    > ASPNET account. That would seem to indicate that they are using Windows
    > 2000 instead of 2003. That seems like a questionable thing to be doing for
    > a professional hosting company.
    >
    > If they were using 2003, they could put the application in its own app pool
    > and set that up to run with a specific identity easily. The app would be
    > isolated from the other apps on the server at the process level.
    >
    > That approach seems to make much more sense to me.
    >
    > Joe K.
    >
    > "Dominick Baier [DevelopMentor]" <>
    > wrote in message news:...
    > > Hello Mike,
    > >
    > > if the account has the needed ACLs - yes of course - this is possible
    > >
    > > give that a try:
    > >
    > > can you programmatically read from:
    > > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
    > >
    > > this is where ASP.NET compiles the page assemblies to and copies all other
    > > needed assemblies
    > >
    > > if you can read from this directory you can compromise every ASP.NET app
    > > on the server
    > >
    > > The only effective way of isolation applications is to use partial trust.
    > >
    > > ---------------------------------------
    > > Dominick Baier - DevelopMentor
    > > http://www.leastprivilege.com
    > >
    > >> How secure is the .net framework in a shared hosting enviroment?
    > >>
    > >> I am discussing running a .net application with a hosting company and
    > >> they are reluctant to allow the aspnet user account write access to a
    > >> folder within my site. They are saying that this is insecure. I
    > >> believe that they are wrong but would like a more informed opinion.
    > >>
    > >> Is it possible for one site to access files from another site using
    > >> .net?
    > >>
    > >> Is there a better way of allowing an application to write to a folder
    > >> than giving the aspnet user write access?
    > >>

    > >
    > >

    >
    >
    >
    Mike Parris, Dec 6, 2005
    #6
  7. Security certainly can't be any worse with a .NET app than with an ASP app
    that uses the same deployment model. .NET doesn't elevate privileges or
    anything like that.

    If they are using 2003, then they could potentially create a separate app
    pool for your app (which is a good idea in general from a hosting
    perspective). If they did that, they could run your app pool under its own
    identity in order to help keep the apps isolated.

    Based on what I think Dominick was getting at, I don't think this solves the
    problem of access to the temp asp.net files directory, but from what I
    understand, it should allow your scenario securely.

    I could definitely be wrong though, so we'll see what D. has to say when he
    gets up tomorrow. :)

    Joe K.

    "Mike Parris" <> wrote in message
    news:...
    > Thanks Joe. This helps.
    >
    > Just to clarify a point. The reference to the ASPNET user was from me. I
    > develop on Win 2000 so I forgot to include the NETWORK SERVICE user in my
    > description. In fact I believe they are using Win 2003.
    >
    > I think it fair to say that security would be better for a .net site than
    > for their current other asp sites.
    >
    > Mike
    >
    > "Joe Kaplan (MVP - ADSI)" wrote:
    >
    >> The other thing that is interesting is that the OP mentions the use of
    >> the
    >> ASPNET account. That would seem to indicate that they are using Windows
    >> 2000 instead of 2003. That seems like a questionable thing to be doing
    >> for
    >> a professional hosting company.
    >>
    >> If they were using 2003, they could put the application in its own app
    >> pool
    >> and set that up to run with a specific identity easily. The app would be
    >> isolated from the other apps on the server at the process level.
    >>
    >> That approach seems to make much more sense to me.
    >>
    >> Joe K.
    >>
    >> "Dominick Baier [DevelopMentor]" <>
    >> wrote in message news:...
    >> > Hello Mike,
    >> >
    >> > if the account has the needed ACLs - yes of course - this is possible
    >> >
    >> > give that a try:
    >> >
    >> > can you programmatically read from:
    >> > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
    >> >
    >> > this is where ASP.NET compiles the page assemblies to and copies all
    >> > other
    >> > needed assemblies
    >> >
    >> > if you can read from this directory you can compromise every ASP.NET
    >> > app
    >> > on the server
    >> >
    >> > The only effective way of isolation applications is to use partial
    >> > trust.
    >> >
    >> > ---------------------------------------
    >> > Dominick Baier - DevelopMentor
    >> > http://www.leastprivilege.com
    >> >
    >> >> How secure is the .net framework in a shared hosting enviroment?
    >> >>
    >> >> I am discussing running a .net application with a hosting company and
    >> >> they are reluctant to allow the aspnet user account write access to a
    >> >> folder within my site. They are saying that this is insecure. I
    >> >> believe that they are wrong but would like a more informed opinion.
    >> >>
    >> >> Is it possible for one site to access files from another site using
    >> >> .net?
    >> >>
    >> >> Is there a better way of allowing an application to write to a folder
    >> >> than giving the aspnet user write access?
    >> >>
    >> >
    >> >

    >>
    >>
    >>
    Joe Kaplan \(MVP - ADSI\), Dec 7, 2005
    #7
  8. Hello Joe,

    ok :)

    in general it is dangerous to give the WP write access to the web directory.

    think of this scenario: you somehow manage to pipe data in that directory
    - e.g. text with an .aspx extension - afterwards one can execute the file
    over the browser..

    so in a shared hosting environment i can understand that the ISP sees security
    implications - it would better to have a writable dir outside of the web
    root.

    this all is only possible if the ISP has separate appPools for the app -
    which they normally don't do - because a lot of WPs suck memory and cpu out
    of the web server..

    but still then it is hard to really isolate apps on a web server - the temp
    directory is just an example that came to my mind which is often overlooked
    by ISPs -

    usually IIS_WPG has modify on the whole directory tree...this was not really
    related to the question but i thought i throw it in :) but this allows to
    download the compiled assemblies of other apps on the server - so much for
    isolation...

    in general the only way to effectively isolate apps in a shared environmen
    in partial trust - if PT is in place i would have no problems opening up
    directories for a customer - assuming the ISP understands policy....

    hope that clarifies it a bit...

    a POC for the temp dir problem:

    <%@ Page Language="C#" %>
    <%@ Import Namespace="System.Web.Configuration" %>
    <%@ Import Namespace="System.IO" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <script runat="server">
    protected string tempDirectory
    {
    // get the location of the temp directories, if not specifically

    // configured, take the default location
    get
    {
    CompilationSection comp = (CompilationSection)
    WebConfigurationManager.GetWebApplicationSection
    ("system.web/compilation");

    if (!string.IsNullOrEmpty(comp.TempDirectory))
    return comp.TempDirectory;
    else
    return Path.Combine
    (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET
    Files");
    }
    }

    // traverse sub-folders
    protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs e)
    {
    string path = e.Node.Value;
    foreach (string directory in Directory.GetDirectories(path))
    {
    string name = Path.GetFileName(directory);
    TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name);
    n.PopulateOnDemand = true;
    e.Node.ChildNodes.Add(n);
    }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
    if (!IsPostBack)
    {
    TreeNode node = new TreeNode("temp dir", tempDirectory);
    node.PopulateOnDemand = true;
    _treeView.Nodes.Add(node);
    }
    }

    protected void _treeView_SelectedNodeChanged(object sender, EventArgs e)
    {
    _lstFiles.Items.Clear();
    foreach (string f in Directory.GetFiles(_treeView.SelectedNode.Value))
    {
    _lstFiles.Items.Add(f);
    }
    }

    // download the selected file
    protected void _btnDownload_Click(object sender, EventArgs e)
    {
    Response.AddHeader("Content-Type", "binary/octet-stream");
    Response.AddHeader(
    "Content-Disposition", string.Format("attachment; filename={0}",
    Path.GetFileName(_lstFiles.SelectedValue)));

    Response.WriteFile(_lstFiles.SelectedValue);
    Response.End();
    }
    </script>

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <title>Download Assemblies of other Applications</title>
    </head>
    <body>
    <form id="form1" runat="server">
    <div>
    ASP.NET Temp Directory;
    <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView"
    OnTreeNodePopulate="_treeView_OnPopulate"
    OnSelectedNodeChanged="_treeView_SelectedNodeChanged" />
    <br />
    Files:
    <br />
    <asp:ListBox runat="server" ID="_lstFiles" Height="150px" />
    <br />
    <asp:Button runat="server" ID="_btnDownload" Text="Download"
    OnClick="_btnDownload_Click" />
    </div>
    </form>
    </body>
    </html>


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Security certainly can't be any worse with a .NET app than with an ASP
    > app that uses the same deployment model. .NET doesn't elevate
    > privileges or anything like that.
    >
    > If they are using 2003, then they could potentially create a separate
    > app pool for your app (which is a good idea in general from a hosting
    > perspective). If they did that, they could run your app pool under
    > its own identity in order to help keep the apps isolated.
    >
    > Based on what I think Dominick was getting at, I don't think this
    > solves the problem of access to the temp asp.net files directory, but
    > from what I understand, it should allow your scenario securely.
    >
    > I could definitely be wrong though, so we'll see what D. has to say
    > when he gets up tomorrow. :)
    >
    > Joe K.
    >
    > "Mike Parris" <> wrote in message
    > news:...
    >
    >> Thanks Joe. This helps.
    >>
    >> Just to clarify a point. The reference to the ASPNET user was from
    >> me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE
    >> user in my description. In fact I believe they are using Win 2003.
    >>
    >> I think it fair to say that security would be better for a .net site
    >> than for their current other asp sites.
    >>
    >> Mike
    >>
    >> "Joe Kaplan (MVP - ADSI)" wrote:
    >>
    >>> The other thing that is interesting is that the OP mentions the use
    >>> of
    >>> the
    >>> ASPNET account. That would seem to indicate that they are using
    >>> Windows
    >>> 2000 instead of 2003. That seems like a questionable thing to be
    >>> doing
    >>> for
    >>> a professional hosting company.
    >>> If they were using 2003, they could put the application in its own
    >>> app
    >>> pool
    >>> and set that up to run with a specific identity easily. The app
    >>> would be
    >>> isolated from the other apps on the server at the process level.
    >>> That approach seems to make much more sense to me.
    >>>
    >>> Joe K.
    >>>
    >>> "Dominick Baier [DevelopMentor]"
    >>> <> wrote in message
    >>> news:...
    >>>
    >>>> Hello Mike,
    >>>>
    >>>> if the account has the needed ACLs - yes of course - this is
    >>>> possible
    >>>>
    >>>> give that a try:
    >>>>
    >>>> can you programmatically read from:
    >>>> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
    >>>> this is where ASP.NET compiles the page assemblies to and copies
    >>>> all
    >>>> other
    >>>> needed assemblies
    >>>> if you can read from this directory you can compromise every
    >>>> ASP.NET
    >>>> app
    >>>> on the server
    >>>> The only effective way of isolation applications is to use partial
    >>>> trust.
    >>>>
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> How secure is the .net framework in a shared hosting enviroment?
    >>>>>
    >>>>> I am discussing running a .net application with a hosting company
    >>>>> and they are reluctant to allow the aspnet user account write
    >>>>> access to a folder within my site. They are saying that this is
    >>>>> insecure. I believe that they are wrong but would like a more
    >>>>> informed opinion.
    >>>>>
    >>>>> Is it possible for one site to access files from another site
    >>>>> using .net?
    >>>>>
    >>>>> Is there a better way of allowing an application to write to a
    >>>>> folder than giving the aspnet user write access?
    >>>>>
    Dominick Baier [DevelopMentor], Dec 7, 2005
    #8
  9. Mike Parris

    Mike Parris Guest

    Thanks Dominick and Joe

    Your replies have cetainly improved my understanding of the subject and I am
    sure will be useful in the future.

    My client's Hosting company have however told me to go away, or words to
    that effect, but not so nicely put. So I will have to create a solution for
    my client that does not require .net at the server end.



    "Dominick Baier [DevelopMentor]" wrote:

    > Hello Joe,
    >
    > ok :)
    >
    > in general it is dangerous to give the WP write access to the web directory.
    >
    > think of this scenario: you somehow manage to pipe data in that directory
    > - e.g. text with an .aspx extension - afterwards one can execute the file
    > over the browser..
    >
    > so in a shared hosting environment i can understand that the ISP sees security
    > implications - it would better to have a writable dir outside of the web
    > root.
    >
    > this all is only possible if the ISP has separate appPools for the app -
    > which they normally don't do - because a lot of WPs suck memory and cpu out
    > of the web server..
    >
    > but still then it is hard to really isolate apps on a web server - the temp
    > directory is just an example that came to my mind which is often overlooked
    > by ISPs -
    >
    > usually IIS_WPG has modify on the whole directory tree...this was not really
    > related to the question but i thought i throw it in :) but this allows to
    > download the compiled assemblies of other apps on the server - so much for
    > isolation...
    >
    > in general the only way to effectively isolate apps in a shared environmen
    > in partial trust - if PT is in place i would have no problems opening up
    > directories for a customer - assuming the ISP understands policy....
    >
    > hope that clarifies it a bit...
    >
    > a POC for the temp dir problem:
    >
    > <%@ Page Language="C#" %>
    > <%@ Import Namespace="System.Web.Configuration" %>
    > <%@ Import Namespace="System.IO" %>
    >
    > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    >
    > <script runat="server">
    > protected string tempDirectory
    > {
    > // get the location of the temp directories, if not specifically
    >
    > // configured, take the default location
    > get
    > {
    > CompilationSection comp = (CompilationSection)
    > WebConfigurationManager.GetWebApplicationSection
    > ("system.web/compilation");
    >
    > if (!string.IsNullOrEmpty(comp.TempDirectory))
    > return comp.TempDirectory;
    > else
    > return Path.Combine
    > (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET
    > Files");
    > }
    > }
    >
    > // traverse sub-folders
    > protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs e)
    > {
    > string path = e.Node.Value;
    > foreach (string directory in Directory.GetDirectories(path))
    > {
    > string name = Path.GetFileName(directory);
    > TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name);
    > n.PopulateOnDemand = true;
    > e.Node.ChildNodes.Add(n);
    > }
    > }
    >
    > protected void Page_Load(object sender, EventArgs e)
    > {
    > if (!IsPostBack)
    > {
    > TreeNode node = new TreeNode("temp dir", tempDirectory);
    > node.PopulateOnDemand = true;
    > _treeView.Nodes.Add(node);
    > }
    > }
    >
    > protected void _treeView_SelectedNodeChanged(object sender, EventArgs e)
    > {
    > _lstFiles.Items.Clear();
    > foreach (string f in Directory.GetFiles(_treeView.SelectedNode.Value))
    > {
    > _lstFiles.Items.Add(f);
    > }
    > }
    >
    > // download the selected file
    > protected void _btnDownload_Click(object sender, EventArgs e)
    > {
    > Response.AddHeader("Content-Type", "binary/octet-stream");
    > Response.AddHeader(
    > "Content-Disposition", string.Format("attachment; filename={0}",
    > Path.GetFileName(_lstFiles.SelectedValue)));
    >
    > Response.WriteFile(_lstFiles.SelectedValue);
    > Response.End();
    > }
    > </script>
    >
    > <html xmlns="http://www.w3.org/1999/xhtml">
    > <head runat="server">
    > <title>Download Assemblies of other Applications</title>
    > </head>
    > <body>
    > <form id="form1" runat="server">
    > <div>
    > ASP.NET Temp Directory;
    > <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView"
    > OnTreeNodePopulate="_treeView_OnPopulate"
    > OnSelectedNodeChanged="_treeView_SelectedNodeChanged" />
    > <br />
    > Files:
    > <br />
    > <asp:ListBox runat="server" ID="_lstFiles" Height="150px" />
    > <br />
    > <asp:Button runat="server" ID="_btnDownload" Text="Download"
    > OnClick="_btnDownload_Click" />
    > </div>
    > </form>
    > </body>
    > </html>
    >
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Security certainly can't be any worse with a .NET app than with an ASP
    > > app that uses the same deployment model. .NET doesn't elevate
    > > privileges or anything like that.
    > >
    > > If they are using 2003, then they could potentially create a separate
    > > app pool for your app (which is a good idea in general from a hosting
    > > perspective). If they did that, they could run your app pool under
    > > its own identity in order to help keep the apps isolated.
    > >
    > > Based on what I think Dominick was getting at, I don't think this
    > > solves the problem of access to the temp asp.net files directory, but
    > > from what I understand, it should allow your scenario securely.
    > >
    > > I could definitely be wrong though, so we'll see what D. has to say
    > > when he gets up tomorrow. :)
    > >
    > > Joe K.
    > >
    > > "Mike Parris" <> wrote in message
    > > news:...
    > >
    > >> Thanks Joe. This helps.
    > >>
    > >> Just to clarify a point. The reference to the ASPNET user was from
    > >> me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE
    > >> user in my description. In fact I believe they are using Win 2003.
    > >>
    > >> I think it fair to say that security would be better for a .net site
    > >> than for their current other asp sites.
    > >>
    > >> Mike
    > >>
    > >> "Joe Kaplan (MVP - ADSI)" wrote:
    > >>
    > >>> The other thing that is interesting is that the OP mentions the use
    > >>> of
    > >>> the
    > >>> ASPNET account. That would seem to indicate that they are using
    > >>> Windows
    > >>> 2000 instead of 2003. That seems like a questionable thing to be
    > >>> doing
    > >>> for
    > >>> a professional hosting company.
    > >>> If they were using 2003, they could put the application in its own
    > >>> app
    > >>> pool
    > >>> and set that up to run with a specific identity easily. The app
    > >>> would be
    > >>> isolated from the other apps on the server at the process level.
    > >>> That approach seems to make much more sense to me.
    > >>>
    > >>> Joe K.
    > >>>
    > >>> "Dominick Baier [DevelopMentor]"
    > >>> <> wrote in message
    > >>> news:...
    > >>>
    > >>>> Hello Mike,
    > >>>>
    > >>>> if the account has the needed ACLs - yes of course - this is
    > >>>> possible
    > >>>>
    > >>>> give that a try:
    > >>>>
    > >>>> can you programmatically read from:
    > >>>> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
    > >>>> this is where ASP.NET compiles the page assemblies to and copies
    > >>>> all
    > >>>> other
    > >>>> needed assemblies
    > >>>> if you can read from this directory you can compromise every
    > >>>> ASP.NET
    > >>>> app
    > >>>> on the server
    > >>>> The only effective way of isolation applications is to use partial
    > >>>> trust.
    > >>>>
    > >>>> ---------------------------------------
    > >>>> Dominick Baier - DevelopMentor
    > >>>> http://www.leastprivilege.com
    > >>>>> How secure is the .net framework in a shared hosting enviroment?
    > >>>>>
    > >>>>> I am discussing running a .net application with a hosting company
    > >>>>> and they are reluctant to allow the aspnet user account write
    > >>>>> access to a folder within my site. They are saying that this is
    > >>>>> insecure. I believe that they are wrong but would like a more
    > >>>>> informed opinion.
    > >>>>>
    > >>>>> Is it possible for one site to access files from another site
    > >>>>> using .net?
    > >>>>>
    > >>>>> Is there a better way of allowing an application to write to a
    > >>>>> folder than giving the aspnet user write access?
    > >>>>>

    >
    >
    >
    Mike Parris, Dec 7, 2005
    #9
  10. Hello Mike,

    how about using a dedicated server - they are not that much expensive and
    you are your own admin??

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Thanks Dominick and Joe
    >
    > Your replies have cetainly improved my understanding of the subject
    > and I am sure will be useful in the future.
    >
    > My client's Hosting company have however told me to go away, or words
    > to that effect, but not so nicely put. So I will have to create a
    > solution for my client that does not require .net at the server end.
    >
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> Hello Joe,
    >>
    >> ok :)
    >>
    >> in general it is dangerous to give the WP write access to the web
    >> directory.
    >>
    >> think of this scenario: you somehow manage to pipe data in that
    >> directory - e.g. text with an .aspx extension - afterwards one can
    >> execute the file over the browser..
    >>
    >> so in a shared hosting environment i can understand that the ISP sees
    >> security implications - it would better to have a writable dir
    >> outside of the web root.
    >>
    >> this all is only possible if the ISP has separate appPools for the
    >> app - which they normally don't do - because a lot of WPs suck memory
    >> and cpu out of the web server..
    >>
    >> but still then it is hard to really isolate apps on a web server -
    >> the temp directory is just an example that came to my mind which is
    >> often overlooked by ISPs -
    >>
    >> usually IIS_WPG has modify on the whole directory tree...this was not
    >> really related to the question but i thought i throw it in :) but
    >> this allows to download the compiled assemblies of other apps on the
    >> server - so much for isolation...
    >>
    >> in general the only way to effectively isolate apps in a shared
    >> environmen in partial trust - if PT is in place i would have no
    >> problems opening up directories for a customer - assuming the ISP
    >> understands policy....
    >>
    >> hope that clarifies it a bit...
    >>
    >> a POC for the temp dir problem:
    >>
    >> <%@ Page Language="C#" %>
    >> <%@ Import Namespace="System.Web.Configuration" %>
    >> <%@ Import Namespace="System.IO" %>
    >> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    >> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    >>
    >> <script runat="server">
    >> protected string tempDirectory
    >> {
    >> // get the location of the temp directories, if not specifically
    >> // configured, take the default location
    >> get
    >> {
    >> CompilationSection comp = (CompilationSection)
    >> WebConfigurationManager.GetWebApplicationSection
    >> ("system.web/compilation");
    >> if (!string.IsNullOrEmpty(comp.TempDirectory))
    >> return comp.TempDirectory;
    >> else
    >> return Path.Combine
    >> (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET
    >> Files");
    >> }
    >> }
    >> // traverse sub-folders
    >> protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs
    >> e)
    >> {
    >> string path = e.Node.Value;
    >> foreach (string directory in Directory.GetDirectories(path))
    >> {
    >> string name = Path.GetFileName(directory);
    >> TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name);
    >> n.PopulateOnDemand = true;
    >> e.Node.ChildNodes.Add(n);
    >> }
    >> }
    >> protected void Page_Load(object sender, EventArgs e)
    >> {
    >> if (!IsPostBack)
    >> {
    >> TreeNode node = new TreeNode("temp dir", tempDirectory);
    >> node.PopulateOnDemand = true;
    >> _treeView.Nodes.Add(node);
    >> }
    >> }
    >> protected void _treeView_SelectedNodeChanged(object sender, EventArgs
    >> e)
    >> {
    >> _lstFiles.Items.Clear();
    >> foreach (string f in
    >> Directory.GetFiles(_treeView.SelectedNode.Value))
    >> {
    >> _lstFiles.Items.Add(f);
    >> }
    >> }
    >> // download the selected file
    >> protected void _btnDownload_Click(object sender, EventArgs e)
    >> {
    >> Response.AddHeader("Content-Type", "binary/octet-stream");
    >> Response.AddHeader(
    >> "Content-Disposition", string.Format("attachment; filename={0}",
    >> Path.GetFileName(_lstFiles.SelectedValue)));
    >> Response.WriteFile(_lstFiles.SelectedValue);
    >> Response.End();
    >> }
    >> </script>
    >> <html xmlns="http://www.w3.org/1999/xhtml">
    >> <head runat="server">
    >> <title>Download Assemblies of other Applications</title>
    >> </head>
    >> <body>
    >> <form id="form1" runat="server">
    >> <div>
    >> ASP.NET Temp Directory;
    >> <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView"
    >> OnTreeNodePopulate="_treeView_OnPopulate"
    >> OnSelectedNodeChanged="_treeView_SelectedNodeChanged" />
    >> <br />
    >> Files:
    >> <br />
    >> <asp:ListBox runat="server" ID="_lstFiles" Height="150px" />
    >> <br />
    >> <asp:Button runat="server" ID="_btnDownload" Text="Download"
    >> OnClick="_btnDownload_Click" />
    >> </div>
    >> </form>
    >> </body>
    >> </html>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Security certainly can't be any worse with a .NET app than with an
    >>> ASP app that uses the same deployment model. .NET doesn't elevate
    >>> privileges or anything like that.
    >>>
    >>> If they are using 2003, then they could potentially create a
    >>> separate app pool for your app (which is a good idea in general from
    >>> a hosting perspective). If they did that, they could run your app
    >>> pool under its own identity in order to help keep the apps isolated.
    >>>
    >>> Based on what I think Dominick was getting at, I don't think this
    >>> solves the problem of access to the temp asp.net files directory,
    >>> but from what I understand, it should allow your scenario securely.
    >>>
    >>> I could definitely be wrong though, so we'll see what D. has to say
    >>> when he gets up tomorrow. :)
    >>>
    >>> Joe K.
    >>>
    >>> "Mike Parris" <> wrote in
    >>> message news:...
    >>>
    >>>> Thanks Joe. This helps.
    >>>>
    >>>> Just to clarify a point. The reference to the ASPNET user was from
    >>>> me. I develop on Win 2000 so I forgot to include the NETWORK
    >>>> SERVICE user in my description. In fact I believe they are using
    >>>> Win 2003.
    >>>>
    >>>> I think it fair to say that security would be better for a .net
    >>>> site than for their current other asp sites.
    >>>>
    >>>> Mike
    >>>>
    >>>> "Joe Kaplan (MVP - ADSI)" wrote:
    >>>>
    >>>>> The other thing that is interesting is that the OP mentions the
    >>>>> use
    >>>>> of
    >>>>> the
    >>>>> ASPNET account. That would seem to indicate that they are using
    >>>>> Windows
    >>>>> 2000 instead of 2003. That seems like a questionable thing to be
    >>>>> doing
    >>>>> for
    >>>>> a professional hosting company.
    >>>>> If they were using 2003, they could put the application in its own
    >>>>> app
    >>>>> pool
    >>>>> and set that up to run with a specific identity easily. The app
    >>>>> would be
    >>>>> isolated from the other apps on the server at the process level.
    >>>>> That approach seems to make much more sense to me.
    >>>>> Joe K.
    >>>>>
    >>>>> "Dominick Baier [DevelopMentor]"
    >>>>> <> wrote in message
    >>>>> news:...
    >>>>>
    >>>>>> Hello Mike,
    >>>>>>
    >>>>>> if the account has the needed ACLs - yes of course - this is
    >>>>>> possible
    >>>>>>
    >>>>>> give that a try:
    >>>>>>
    >>>>>> can you programmatically read from:
    >>>>>> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
    >>>>>> this is where ASP.NET compiles the page assemblies to and copies
    >>>>>> all
    >>>>>> other
    >>>>>> needed assemblies
    >>>>>> if you can read from this directory you can compromise every
    >>>>>> ASP.NET
    >>>>>> app
    >>>>>> on the server
    >>>>>> The only effective way of isolation applications is to use
    >>>>>> partial
    >>>>>> trust.
    >>>>>> ---------------------------------------
    >>>>>> Dominick Baier - DevelopMentor
    >>>>>> http://www.leastprivilege.com
    >>>>>>> How secure is the .net framework in a shared hosting enviroment?
    >>>>>>>
    >>>>>>> I am discussing running a .net application with a hosting
    >>>>>>> company and they are reluctant to allow the aspnet user account
    >>>>>>> write access to a folder within my site. They are saying that
    >>>>>>> this is insecure. I believe that they are wrong but would like a
    >>>>>>> more informed opinion.
    >>>>>>>
    >>>>>>> Is it possible for one site to access files from another site
    >>>>>>> using .net?
    >>>>>>>
    >>>>>>> Is there a better way of allowing an application to write to a
    >>>>>>> folder than giving the aspnet user write access?
    >>>>>>>
    Dominick Baier [DevelopMentor], Dec 8, 2005
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Remi Delon
    Replies:
    0
    Views:
    786
    Remi Delon
    Jan 19, 2005
  2. Aravapalli

    Web Hosting - reseller hosting

    Aravapalli, Dec 20, 2007, in forum: HTML
    Replies:
    8
    Views:
    480
    Chaddy2222
    Dec 21, 2007
  3. Replies:
    0
    Views:
    625
  4. Replies:
    0
    Views:
    451
  5. teo1991
    Replies:
    0
    Views:
    524
    teo1991
    Apr 2, 2009
Loading...

Share This Page