我有一个asp.net 3.5应用程序,可以将zip文件写入目录(Ionic zip-lib)。这让我的客户端担心这可能会打开服务器进行攻击。他的逻辑是:
这是真的吗?如果是,什么样的攻击?我该如何预防?
的确,一个人应该使用具有最低权限的帐户设置作为网站帐户。
ASPNET帐户拥有相当多的权限,因此确实存在一个问题。
然而,写入文件的事实并不会使文件本身变得危险。您的客户端可能意味着它可以被破坏以覆盖文件系统中的任何文件。
至于如何防止它,您可以在IIS中设置您的网站,使其在不同的、唯一的帐户下运行。仅授予该帐户将文件写入预期目录的权限。
您可以将网站设置为在特定的应用程序池下运行,然后将该应用程序池配置为在特定标识下运行。
In my webpages I have references to js and images as such: "../../Content/Images/"Filename" In my code if I reference a file as above, it doesnt work so i have to write: "c:/miscfiles/"filename" 1-...
I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...
Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...
I m looking for best practices here. Sorry. I know it s subjective, but there are a lot of smart people here, so there ought to be some "very good" ways of doing this. I have a custom object called ...
I am implementing Transaction using TransactionScope with the help this MSDN article http://msdn.microsoft.com/en-us/library/system.transactions.transactionscope.aspx I just want to confirm that is ...
i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...
For what it is necessary Microsoft.Contracts namespace in asp.net? I mean, in what cases I could write using Microsoft.Contracts;?
I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!
