Re: Having ASPNET member of Administrators

From: Matt Berther (mberther_at_hotmail.com)
Date: 01/28/05

• Next message: Jeff Robichaud: "Re: Having ASPNET member of Administrators"
• Previous message: William F. Robertson, Jr.: "Re: Array type"
• In reply to: Kevin Spencer: "Re: Having ASPNET member of Administrators"
• Next in thread: Kevin Spencer: "Re: Having ASPNET member of Administrators"
• Reply: Kevin Spencer: "Re: Having ASPNET member of Administrators"
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 28 Jan 2005 13:12:12 -0800

Hello Kevin,

> The principle of least privilege. Where did you find that?

http://c2.com/cgi/wiki?PrincipleOfLeastPrivilege

> If it were always a bad idea to run ASP.Net under the System account,
> Microsoft wouldn't have bothered to make that option available. Making
> the ASP.Net account a Network Admin has much the same effect. I agree,
> he's painting with a broad brush, but the objective is to prevent
> spills, not to paint with the smallest brush possible.

I agree, to a point. Typically people try to cover up the root problem by
throwing more permissions at it. I wrote a post about this early last year
(http://www.mattberther.com/2004/04/000463.html).

--
Matt Berther
http://www.mattberther.com

---

• Next message: Jeff Robichaud: "Re: Having ASPNET member of Administrators"
• Previous message: William F. Robertson, Jr.: "Re: Array type"
• In reply to: Kevin Spencer: "Re: Having ASPNET member of Administrators"
• Next in thread: Kevin Spencer: "Re: Having ASPNET member of Administrators"
• Reply: Kevin Spencer: "Re: Having ASPNET member of Administrators"
• Messages sorted by: [ date ] [ thread ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)