Re: ASP.NET hosting & MS Access

From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 10/06/04


To: microsoft.public.dotnet.framework.aspnet.security
Date: Tue, 05 Oct 2004 23:06:44 -0700

i gave you a whole array of links to get smart about it.

 in my blog entry i mention the Threats and Countermeasures Paper from MS patterns and practices - see chapter 9 for an example of sandboxing code in the gac.

 

 ---
 Dominick Baier - DevelopMentor
 http://www.leastprivilege.com


 I don't want to look stupid, but how can I do that?
> the only way to let a partial trust web app access OLEDB sources is through an intermediate full trust code in the GAC -

> the only effective way to isolate full trust apps is to -
 I can't create a pool for each user. In this way, I have to create thousands. Is there any way around that?
 
> - give each webapp a different worker process
>
> - use a different account for each worker process
>
> - ACL everything for the specific worker process account - not IIS_WPG
>
> - Set ACLs on the Metabase (so that a worker process cannot read the anonymous account and pwd from another app pool e.g.)
>
> - Give every web app an individual temporary assemblies folder
>
> a.s.o.
>
> for links (especially to the threats and countermeasures paper and OWASP) consult this summary i wrote
>
> http://www.leastprivilege.com/PermaLink.aspx?guid=96a0e4af-7996-4e6a-b9fd-78ab8c0b29b5
>
>
>
> ---
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>
>
> Thank you all for your reply.
>
> My understanding was the OLE DB and ODBC data resources demand full trust.
> We can't use a custom policy.
> In ISP environment, how can we allow users to use OLE DB and ODBC data
> resources and at the same time lock
> an application in its directory?
> How can we sandbox the resources?
> Would you please send me a sample code with instruction how to configure the
> web server?
>
> Thanks a lot
>
>
>
> "Daniel Fisher(lennybacon)" <info@(removethis)lennybacon.com> wrote in
> message news:OzbpfZ$pEHA.3012@TK2MSFTNGP10.phx.gbl...
> > By default
> > >> MS Access requires FullTrust
> >
> > But you can allow OleDB in a Custom or the Internet PermissionSet.
> >
> > --
> > Daniel Fisher(lennybacon)
> > MCP C# ASP.NET
> > Blog: http://www.lennybacon.com/
> >
> >
> >
> > "FARID" <farid.almoqayed@xpandcorp.com> wrote in message
> > news:elKB2x9pEHA.2432@TK2MSFTNGP15.phx.gbl...
> > > We are trying to offer free ASP & ASP.NET hosting. I read a lot of articles
> > > and documentation in order to set up and offer ASP.NET and MS Access. Based
> > > on what I read, MS Access requires FullTrust in order to work. Providing
> > > FullTrust will be very risky in the ISP environment. Is there any way to
> > > lock an application in its directory and prevent accessing other customers'
> > > data while keeping MS Access support?
> > > Please help.
> > > Running each site in a separate application pool will not be an option because
> > > we have to create thousands of application pools.
> > >
> > > Thanks a lot
> > >
> > >
> >
> >
>
>
>
> [microsoft.public.dotnet.framework.aspnet.security]
 
 
 
 [microsoft.public.dotnet.framework.aspnet.security]
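
Added example, not part of the original posts and not the code from the Threats and Countermeasures paper: a sketch of the "intermediate full trust code in the GAC" described in the thread, written for .NET Framework code access security. The class and method names, the Jet provider string, and the premise that the host's trust policy limits each site's FileIOPermission to its own directory are assumptions made here.

```csharp
// Added illustration; all names are hypothetical. Strong-name the assembly and install it in the GAC.
using System;
using System.Data.OleDb;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Lets partially trusted web apps call into this full trust assembly.
[assembly: AllowPartiallyTrustedCallers]

namespace Example.Hosting
{
    public sealed class AccessGateway
    {
        // Runs one scalar query against an .mdb file on behalf of a partial trust caller.
        // mdbPath should be absolute (for example the result of Server.MapPath).
        public static object ExecuteScalar(string mdbPath, string sql, params OleDbParameter[] args)
        {
            string full = Path.GetFullPath(mdbPath);   // canonicalize, collapses ".."
            if (full.IndexOf(';') >= 0)                // keep the path from extending the connection string
                throw new ArgumentException("Invalid database path.", "mdbPath");

            // Stack walk: every caller must hold file access to this exact path.
            // Under a policy that scopes FileIOPermission to the app directory,
            // a site cannot open another customer's database through this class.
            new FileIOPermission(
                FileIOPermissionAccess.Read | FileIOPermissionAccess.Write, full).Demand();

            // Only now stop the stack walk for the provider's full trust demand.
            new PermissionSet(PermissionState.Unrestricted).Assert();
            try
            {
                using (OleDbConnection cn = new OleDbConnection(
                    "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + full))
                using (OleDbCommand cmd = new OleDbCommand(sql, cn))
                {
                    foreach (OleDbParameter p in args) cmd.Parameters.Add(p);
                    cn.Open();
                    return cmd.ExecuteScalar();
                }
            }
            finally
            {
                CodeAccessPermission.RevertAssert();   // never leave the assert active
            }
        }
    }
}
```

The Demand runs before the Assert, so the caller's own file permissions decide which database may be opened. The Jet provider is unmanaged code running with the worker process account's rights, so the NTFS ACLs listed in the thread still matter.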


