Re: Prevent access to advapi32.dll RevertToSelf()

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/28/05 

Date: Wed, 28 Sep 2005 08:54:43 -0700

Hello kevin.kenny@zygonia.net,

thanks :)

unfortunately, setting to partial trust is the only way to prohibit RevertToSelf...

...and OleDb only runs under full trust.

here is more info:
http://www.leastprivilege.com/FullyTrustedCodeAndASPNET.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi Guys,
>
> Thanks for replying. The problem I have is that this is a hosting
> platform that I've inherited. The servers can have up to 900 sites
> customer sites running on them. There is also no chance that the
> servers running Windows 2000 Server will be upgraded to Windows 2003
> in the near future.
>
> I did think about having an AppPool per site on 2003 but there are
> some practicality issues here and also I'm guessing that 900 AppPools
> isn't really the right answer from a scalability and management
> aspect.
>
> As far as the medium trust thing goes, unfortunately we have customers
> using OleDB in conjunction with Access database files.
>
> Is it possibile to build a custom trust level that has all the
> restrictions of Medium trust but allow OleDbClientPermission ?
>
> Can I create a new policy file based on 'medium_trust.config' and add
> the OleDbClientPermission? Is this good practice?
>
> Sorry if there are obvious answers to these questions but whilst I
> understand the concept and use of different trust levels, I'm a bit in
> the unsure about what to do regarding tuning the default policies to
> our needs.
>
> Thanks Again
> Kevin
> ps: Dominick, I enjoyed your sessions at DevWeek2005 this year.

Relevant Pages

  • Re: Debugging Trust Levels - Oledb
    ... Why does the code calling oledb just fail without an error when running ... In our environment we are happy to trust oledb access, ... class with assert statements and sign it and register it with the GAC. ... programmer and extra admin to register all the classess with the GAC. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Prevent access to advapi32.dll RevertToSelf()
    ... setting to partial trust is the only way to prohibit RevertToSelf... ... Dominick Baier - DevelopMentor ... > customer sites running on them. ... > using OleDB in conjunction with Access database files. ...
    (microsoft.public.dotnet.security)
  • Re: About the recent discussions and events I read here.
    ... the crux of the issue is trust. ... episode could possibly reassure any customer that PowerBASIC is not ... Unless or until PowerBASIC or Bob Zale makes the effort to ...
    (comp.lang.basic.powerbasic)
  • Re: Single Sign On?
    ... on multiple ports. ... The customer access is via the internet and they ... domain becuase there is no level of trust with their network. ... The customer users our domain accounts to ...
    (microsoft.public.win2000.active_directory)
  • Re: How To Give The Client Peace Of Mind
    ... would be better spent gaining brownie points with the customer by just ... Give them the source code and they will be more relaxed ... about this issue and it will increase their trust in you. ... Thanks for the reply DFS. ...
    (comp.databases.ms-access)