
List:       owasp-dotnet
Subject:    [Owasp-dotnet] Unless ALL hosted websites run in partial trust then I can't see how this improves se
From:       "Dinis Cruz" <dinis () ddplus ! net>
Date:       2005-10-27 6:00:51
Message-ID: 65c1b22cf00e451585d252295e3802de () ddplus ! net

(just posted here: http://weblogs.asp.net/scottgu/archive/2005/10/15/427581.aspx)
  
"...If ISPs continue to host their clients' asp.net websites in full trust, then I can't see how this improves security.

 That said, I am quite interested in this "deep clean" check and see what is your current definition of 'malicious things'.

 Most hosters don't care about security and as long as the rate of attacks doesn't increase, they are happy to provide their clients Full Trust Asp.Net environments which have NO REAL security and are easy to compromise.

 Dinis Cruz
 .Net Security Consultant
 Owasp .Net Project Leader ..."




