Issues in locking down aspnet user security in shared environment

John Dalberg

I am trying to lock down file access of some sites in a shared hosting
environment so that different users can only access their own site's
directory with their asp.net code. However there's a problem with some
aspnet user access.

[I enabled identity impersonate in machine.config and made allowOverride =
false.]

After some experimenting with NTFS permissions, I noticed that any asp.net
enabled site *must* let the asp.net user have read access on the folder above
the application folder plus have read access to the web.config file,
regardless of whether the site is impersonating another user.

This means any asp.net site can list the files of any other asp.net enabled
site plus read someone else's web.config file which might contain sensitive
non-encrypted settings.

Does anyone see a security hole in this security model? In some cases you
can display or even download files by just looking at someone else's site
folder and typing the url + filename in a browser. Like an .mdb file if the
user didn't password protect their sensitive folder.

How can I plug this hole with better lockdown? I was going to look at the
<location.. > tag and trust levels and see if they help.
Is there any whitepaper on how to very securely lock down asp.net sites in a
shared environment?

Thanks.

John
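
The `<location>` tag and trust levels mentioned in the question, as an added configuration sketch that is not part of the original post. It assumes the server-wide configuration file is where impersonation was enabled, and that Medium trust is acceptable for the hosted sites; neither is confirmed by the thread.

```xml
<!-- Server-wide configuration file (added example, values are assumptions). -->
<configuration>

  <!-- Weak form: these settings sit directly under <system.web>, so any
       site's own web.config can override them (for example, switch
       impersonation off or run at Full trust). -->
  <system.web>
    <identity impersonate="true" />
    <trust level="Full" originUrl="" />
  </system.web>

</configuration>

<!-- Locked form: the same settings wrapped in <location> with
     allowOverride="false". A site's web.config that tries to change
     <identity> or <trust> now fails with a configuration error. -->
<configuration>

  <location allowOverride="false">
    <system.web>
      <!-- Requests run as the site's own Windows account, so NTFS ACLs
           on each site folder can be scoped per site. -->
      <identity impersonate="true" />
      <!-- Medium trust: code access security limits managed file I/O
           to the application's own directory tree. -->
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>

</configuration>
```

Trust levels constrain managed code only; the NTFS read access for the ASP.NET process account described in the post is unchanged by this setting and still has to be reviewed separately.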