Re: Setting IPGrant on a folder from a WebMethod
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 02/21/05
- Previous message: Roar Nestegard: "ASP.NET 2.0 security with two membership providers"
- In reply to: David Salonius: "Re: Setting IPGrant on a folder from a WebMethod"
- Next in thread: IPGrunt: "Re: Setting IPGrant on a folder from a WebMethod"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 21 Feb 2005 14:49:37 -0600
I'd make sure you don't use that app pool for any other websites or
applications on the same server. Always use a different app pool with lower
privileges for other sites. That will help restrict it as well.
Other than that, it is up to you to consider whether you need to go to COM+
or not for additional security. As long as you don't have any other entry
points into this site and you are comfortable with the security you are
providing, then I think it can be secure. Just be careful and spend some
time doing some threat modeling to make sure you don't miss anything.
Joe K.
"David Salonius" <dsalonius@charter.net> wrote in message
news:%23MKOlGFGFHA.228@TK2MSFTNGP15.phx.gbl...
>
>
> Setting the user in the Application Pool identity to an administrator
> account solved the problem. From what I can tell, as long as my web
> methods folder is locked down to where no one can upload code, this
> should be safe. Is that a fair assessment?
>
> Thanks,
>
> David
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
- Previous message: Roar Nestegard: "ASP.NET 2.0 security with two membership providers"
- In reply to: David Salonius: "Re: Setting IPGrant on a folder from a WebMethod"
- Next in thread: IPGrunt: "Re: Setting IPGrant on a folder from a WebMethod"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
