Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Full Trust in .NET applications
Posted by: gunwant_s
Date: March 01, 2009 07:52AM

Hi all,

I am not very sure if this question relates to this group but I couldn't find any other place for this question. Feel free to move it wherever appropriate.

What I am curious about is the 'Full Trust' configuration in .NET applications, which as we know is the default configuration for an application. Now I understand that 'Full Trust' enables the access of resources which are not meant for a malicious user to fiddle with. (Fyi) For example, The URL:

[http://www.test.com/download.aspx?file=report.pdf]

also enables a malicious user to access sensitive files. Say,

[http://www.test.com/download.aspx?file=../../../web.config]

That is basically exploiting the Full Trust of .NET applications.
Now my question. I want to know if one is to configure 'Partial Trust',how unmanageable is it? I read quite a lot of documentation on this although I couldn't figure out, what issues a particular application can confront while configured for 'Partial Trust'. I know web.config can be used for configuring 'Partial Trust' but what other details/settings do I need to consider for a perfect configuration of the same. And what problems can occur so I be cautious before in time?

Any thoughts on this?

Thanks.

Options: ReplyQuote


Sorry, only registered users may post in this forum.