Re: Shared Hosting
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 08 Dec 2005 05:13:32 -0800
Hello Mike,
how about using a dedicated server - they are not that much expensive and you are your own admin??
--------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com
Thanks Dominick and Joe
Your replies have cetainly improved my understanding of the subject and I am sure will be useful in the future.
My client's Hosting company have however told me to go away, or words to that effect, but not so nicely put. So I will have to create a solution for my client that does not require .net at the server end.
"Dominick Baier [DevelopMentor]" wrote:
Hello Joe,
ok :)
in general it is dangerous to give the WP write access to the web directory.
think of this scenario: you somehow manage to pipe data in that directory - e.g. text with an .aspx extension - afterwards one can execute the file over the browser..
so in a shared hosting environment i can understand that the ISP sees security implications - it would better to have a writable dir outside of the web root.
this all is only possible if the ISP has separate appPools for the app - which they normally don't do - because a lot of WPs suck memory and cpu out of the web server..
but still then it is hard to really isolate apps on a web server - the temp directory is just an example that came to my mind which is often overlooked by ISPs -
usually IIS_WPG has modify on the whole directory tree...this was not really related to the question but i thought i throw it in :) but this allows to download the compiled assemblies of other apps on the server - so much for isolation...
in general the only way to effectively isolate apps in a shared environmen in partial trust - if PT is in place i would have no problems opening up directories for a customer - assuming the ISP understands policy....
hope that clarifies it a bit...
a POC for the temp dir problem:
<%@ Page Language="C#" %> <%@ Import Namespace="System.Web.Configuration" %> <%@ Import Namespace="System.IO" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<script runat="server"> protected string tempDirectory { // get the location of the temp directories, if not specifically // configured, take the default location get { CompilationSection comp = (CompilationSection) WebConfigurationManager.GetWebApplicationSection ("system.web/compilation"); if (!string.IsNullOrEmpty(comp.TempDirectory)) return comp.TempDirectory; else return Path.Combine (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET Files"); } } // traverse sub-folders protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs e) { string path = e.Node.Value; foreach (string directory in Directory.GetDirectories(path)) { string name = Path.GetFileName(directory); TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name); n.PopulateOnDemand = true; e.Node.ChildNodes.Add(n); } } protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { TreeNode node = new TreeNode("temp dir", tempDirectory); node.PopulateOnDemand = true; _treeView.Nodes.Add(node); } } protected void _treeView_SelectedNodeChanged(object sender, EventArgs e) { _lstFiles.Items.Clear(); foreach (string f in Directory.GetFiles(_treeView.SelectedNode.Value)) { _lstFiles.Items.Add(f); } } // download the selected file protected void _btnDownload_Click(object sender, EventArgs e) { Response.AddHeader("Content-Type", "binary/octet-stream"); Response.AddHeader( "Content-Disposition", string.Format("attachment; filename={0}", Path.GetFileName(_lstFiles.SelectedValue))); Response.WriteFile(_lstFiles.SelectedValue); Response.End(); } </script> <html xmlns="http://www.w3.org/1999/xhtml";> <head runat="server"> <title>Download Assemblies of other Applications</title> </head> <body> <form id="form1" runat="server"> <div> ASP.NET Temp Directory; <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView" OnTreeNodePopulate="_treeView_OnPopulate" OnSelectedNodeChanged="_treeView_SelectedNodeChanged" /> <br /> Files: <br /> <asp:ListBox runat="server" ID="_lstFiles" Height="150px" /> <br /> <asp:Button runat="server" ID="_btnDownload" Text="Download" OnClick="_btnDownload_Click" /> </div> </form> </body> </html> --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.comSecurity certainly can't be any worse with a .NET app than with an ASP app that uses the same deployment model. .NET doesn't elevate privileges or anything like that.
If they are using 2003, then they could potentially create a separate app pool for your app (which is a good idea in general from a hosting perspective). If they did that, they could run your app pool under its own identity in order to help keep the apps isolated.
Based on what I think Dominick was getting at, I don't think this solves the problem of access to the temp asp.net files directory, but from what I understand, it should allow your scenario securely.
I could definitely be wrong though, so we'll see what D. has to say when he gets up tomorrow. :)
Joe K.
"Mike Parris" <MikeParris@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:BCDA3FE5-42FB-4538-B134-E28A150E7BD6@xxxxxxxxxxxxxxxx
Thanks Joe. This helps.
Just to clarify a point. The reference to the ASPNET user was from me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE user in my description. In fact I believe they are using Win 2003.
I think it fair to say that security would be better for a .net site than for their current other asp sites.
Mike
"Joe Kaplan (MVP - ADSI)" wrote:
The other thing that is interesting is that the OP mentions the use of the ASPNET account. That would seem to indicate that they are using Windows 2000 instead of 2003. That seems like a questionable thing to be doing for a professional hosting company. If they were using 2003, they could put the application in its own app pool and set that up to run with a specific identity easily. The app would be isolated from the other apps on the server at the process level. That approach seems to make much more sense to me. Joe K.
"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4580be6316021c8c7c8a172ac3ef0@xxxxxxxxxxxxxxxxxxxxx
Hello Mike,
if the account has the needed ACLs - yes of course - this is possible
give that a try:
can you programmatically read from: C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files this is where ASP.NET compiles the page assemblies to and copies all other needed assemblies if you can read from this directory you can compromise every ASP.NET app on the server The only effective way of isolation applications is to use partial trust. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.comHow secure is the .net framework in a shared hosting enviroment?
I am discussing running a .net application with a hosting company and they are reluctant to allow the aspnet user account write access to a folder within my site. They are saying that this is insecure. I believe that they are wrong but would like a more informed opinion.
Is it possible for one site to access files from another site using .net?
Is there a better way of allowing an application to write to a folder than giving the aspnet user write access?
.
- References:
- Re: Shared Hosting
- From: Mike Parris
- Re: Shared Hosting
- Prev by Date: Re: ASP.NET 2.0 Membership Provider Customization
- Next by Date: Re: Error in accessing shared folder database file in ASP.net
- Previous by thread: Re: Shared Hosting
- Next by thread: Membership provider with ADAM
- Index(es):
Relevant Pages
|
