Re: asp.net machine A......
From: Malek (kemmou_at_arrabeta.com)
Date: 02/23/04
- Next message: Natty Gur: "Re: Need help writing special user control"
- Previous message: .NET Follower: "Re: cookieless session? Who has it working?"
- In reply to: .NET Follower: "Re: asp.net machine A......"
- Next in thread: .NET Follower: "Re: asp.net machine A......"
- Reply: .NET Follower: "Re: asp.net machine A......"
- Reply: Kevin Spencer: "Re: asp.net machine A......"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 23 Feb 2004 04:54:19 -0000
I said catastrophy, because if there is a vulnerability in some page of
yours (let people inject something), then their injected code is runing
under "system".... that is how big problems usually happen. Even if you
control all input, how do you know there is no vulnerability in the ASP.Net
worker process itself that someone would be able to exploit, and get into
your machine as "system"
".NET Follower" <amitagarwal-NET@SoftHome.net> wrote in message
news:%23ekNHUc%23DHA.220@TK2MSFTNGP09.phx.gbl...
> hi,
> why it would be catastrophe...
> i am using username =system..
> and i did not face any such thing.....
>
> --
> Thanks and Regards,
>
> Amit Agarwal
> Software Programmer(.NET)
> "Malek" <kemmou@arrabeta.com> wrote in message
> news:uyNICob%23DHA.3900@tk2msftngp13.phx.gbl...
> > You want to delete the ASPNET account ? What for ? That is the account
> used
> > by the worker process of ASP.Net, it is not a very privileged account
> (much
> > safer to use than accounts you would create yourself for the aspnet_wp,
> > unless you really are an very prcise in what privileges you give that
> > account)...
> >
> > If you don't want to use ASP.Net at all, then maybe you are right in
> > deleting it.
> >
> > If you really want to make aspnet_wp use a different account, look into
> > machine.config (tha's where it is stated that it uses the "machine"
> account
> > is to be used ( in <processModel userName="machine" .../>). You can
modify
> > it to either "system", which would be a catastrophe, or to some
particular
> > user...
> >
> >
> > "boomer" <anonymous@discussions.microsoft.com> wrote in message
> > news:0E49F13C-AFDA-4FEE-9224-F2871BB1A7FD@microsoft.com...
> > > I have a new user in my computer titled ASP.NET Machine A..Where would
> it
> > have come from and should I delete it?
> >
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.593 / Virus Database: 376 - Release Date: 2/20/2004
>
>
- Next message: Natty Gur: "Re: Need help writing special user control"
- Previous message: .NET Follower: "Re: cookieless session? Who has it working?"
- In reply to: .NET Follower: "Re: asp.net machine A......"
- Next in thread: .NET Follower: "Re: asp.net machine A......"
- Reply: .NET Follower: "Re: asp.net machine A......"
- Reply: Kevin Spencer: "Re: asp.net machine A......"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
