security issue

  • Thread starter Thread starter Ashish
  • Start date Start date
A

Ashish

hi all,

we have an application which requires aspnet user to have write
permissions in the application's virtual folder ...

while running our application on a shared host, where other .net
websites are also running would they be able to access my files ?

thought that this would be solved with IIS 6 and ASP.net 1.1 but i think
its still there, cause i can do it on my machine,

or then again, i may be missing something ...

any comments

-ashish
 
because all other sites can read your web config, or load your dlls, spend a
little work hiding the creditals.

-- bruce (sqlwork.com)
 
Steve said:
Ya, they probably could write to it.
You might want to use impersonation so you're not running under the standard
ASPNET user account.
Once your app is running under its own username & pw then you should be more
secure.
Here's more info:
http://msdn.microsoft.com/library/d...-us/cpguide/html/cpconaspnetimpersonation.asp
Click to expand...

is it possible to run multiple aspnet_wp under different user accounts ,
i.e if a machine is hosting 10 websites it is running 10 asp_net wp
under 10 accounts so each of the applications are completely boxed in
themselves ?
if not how would impersonation solve my problem, cuz then other websites
would also be running under same impersonated account

regards
-ashish
 
bruce said:
because all other sites can read your web config, or load your dlls, spend a
little work hiding the creditals.

-- bruce (sqlwork.com)
Click to expand...
hiding what, change the name of web.config file ? wouldnt all the
applications which are using asp.net using this file ?
 
Back
Top