Re: Dot Net Security

---

• From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 1 Jun 2007 13:06:32 +0000 (UTC)

---

well - to replace this dll you need admin privileges. As admin you own the box anyway...so what's the deal?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi

I'm an MCT and came across this little nugget last week.

Using Reflector, I created a project from the Integration services Dll
from sql2005.
I took off the assembly signing, added some code to write to a file.
I dropped the dll in the directory where sqlservr.exe is

I created a new text file in the same directory called
sqlservr.exe.local

Using Sql2005 SIS, it ran my version of the dll!!!!!

Whoops!

I'm waiting to see if Office2007 etc can be controlled in the same way

Hmm...

Tom

.

---

• References:
  • Dot Net Security
    • From: tomcharnley

• Prev by Date: Re: Urgent: Securing a .net 1.1 application
• Next by Date: Re: LDAP Bind to ADAM user - bad-pwd-count not being set.
• Previous by thread: Dot Net Security
• Next by thread: Re: Urgent: Securing a .net 1.1 application
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ASP.NET Security ... Dominick Baier - DevelopMentor ... the CLR to turn off all security checks... ... The easiest quickest simplest solution is to not use a .dll - just ... (microsoft.public.dotnet.framework.aspnet.security) Re: ASP.NET Security ... Dominick Baier - DevelopMentor ... The easiest quickest simplest solution is to not use a .dll - just ... declartive security etc) ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2007-06