Re: How Bad Is It?

From: th (th@rmsexxxcf.remove-xxx-and-this.cxxxom)
Date: 12/16/02


From: "th" <th@rmsexxxcf.remove-xxx-and-this.cxxxom>
Date: Mon, 16 Dec 2002 23:14:04 +0100


Here are some reading about ASP.NET security.

(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
tml/secnetlpMSDN.asp?frame=true)

(http://msdn.microsoft.com/msdnmag/issues/01/11/security/default.aspx)

(http://msdn.microsoft.com/library/default.asp?url=/msdnmag/issues/02/04/ASP
Sec/toc.asp?frame=true)

(http://msdn.microsoft.com/library/default.asp?url=/msdnmag/issues/02/05/asp
sec2/toc.asp?frame=true)

The first one is a MUST READ....

/Patrik

"Lee Seidel" <lee.seidel@capbluecross.com> wrote in message
news:05e401c2a2e0$ecc51c30$89f82ecf@TK2MSFTNGXA01...
> How bad is it to switch the user in the machine.config
> file from "machine" to "SYSTEM"? We were able to overcome
> insufficient security for ASPNET id via this method. We
> resorted to this after giving ASPNET administrator rights
> on the box did not resolve the dreaded Insufficient
> Access .NET error.
>
> Please share your thoughts on this.
>
> Thanks.