|
On Mon, October 13, 2008 15:23, Graeme Fowler wrote:
> On Mon, 2008-10-13 at 15:13 -0500, David Dyer-Bennet wrote:
>> My desktop system is part of the corporate domain. So are the desktops
>> of
>> the people doing Windows development. Why would making a server part of
>> the domain be any more dangerous than that? And that's standard
>> anywhere
>> that does Windows development.
>
> You're personally fairly unlikely to run code as a system account,
> especially when developing - you're more likely to run it as yourself.
> Of course, many developers and sysadmins make themselves admins on their
> own machines (makes installing software just *so* much more convenient
> than doing "runas") so the security arguments in those cases are
> slightly damaged anyway :)
I think "myself" is defaulting to being an admin on my desktop -- at
least I never have any trouble installing code on this system. (*Not* a
Windows admin expert!)
> Allowing arbitrary code (think of the mass of .NET examples out there)
> to be executed under the IIS framework is a dangerous game, especially
> (as is often the case) when it's being executed by a user with elevated
> privileges (like the Network Service user which IIRC is the default user
> for IIS code execution).
>
> This is, of course, a massive Catch-22 for hosting operations, and is
> the reason why app pools came along in IIS6 which allowed almost
> complete segregation of execution environments which themselves ran as
> non-privileged users. Much tidier than it used to be.
Yep, hosting gets complicated, that's for sure!
> In your environment you might not be exposing the web servers to that
> nasty Intertubes thingmy, which makes security all the easier to manage.
Right, we're not.
--
David Dyer-Bennet, dd-b@xxxxxxxx; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
|
