Re: CasPol security
From: Steve (sbianco1_at_yahoo.com)
Date: 05/25/04
- Next message: jc_at_cody.com: "Socket handles during connection errors - C#"
- Previous message: Bob L.: "Re: HttpWebRequest.GetResponse() always times out"
- In reply to: Chris Rolon: "Re: CasPol security"
- Next in thread: Chris Rolon: "Re: CasPol security"
- Reply: Chris Rolon: "Re: CasPol security"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 25 May 2004 07:33:10 -0700
Chris.
I agree with your comments and thus is my concern.
However, while knowing nothing about security, it seems
running the Framework wizard "trust assembly" requires
that application be given full trust.
How can I [begin] to lower the trust level of the
application?
Steve
>-----Original Message-----
>The danger is that the application is being granted more
rights than
>necessary. If, somehow, the application were compromised
through a stack
>overrun or some other as yet undiscovered vulnerability,
a hacker could do
>damage to your system.
>
>As a matter of policy applications should not run with
privileges greater
>than absolutely necessary. That is why the security model
has changed and is
>based on where the code came from rather than on who is
logged in.
>
>--
>
>Chris Rolon
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
><anonymous@discussions.microsoft.com> wrote in message
>news:11dba01c44251$77d1aa30$a301280a@phx.gbl...
>> Whats the danger in doing:
>>
>> C:\...\caspol -enterprise -addfulltrust L:\foo.exe
>>
>> foo is a local network (non-web based) application that
>> references internal databases and general web based
>> information sites.
>>
>> Steve
>
>
>.
>
- Next message: jc_at_cody.com: "Socket handles during connection errors - C#"
- Previous message: Bob L.: "Re: HttpWebRequest.GetResponse() always times out"
- In reply to: Chris Rolon: "Re: CasPol security"
- Next in thread: Chris Rolon: "Re: CasPol security"
- Reply: Chris Rolon: "Re: CasPol security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
