Reputation: 6228
What Does CAS Protect an ASP.NET Application From?
What kind of malicious attack(s) is code access security supposed to protect an ASP.NET application from? Presuming a non-exotic scenerio, an ASP.NET app running on it's own box where you have full control over the application and server.
Upvotes: 0
Views: 133
Answers (1)
Reputation: 20992
CAS on an ASP.NET server has two main uses:
- Protect other resources on the server (such as other ASP.NET applications) from potentially malicious server-side code included in any given ASP.NET application.
- Provide defense-in-depth against potential attacks by users of any given ASP.NET application.
If you are the author of the one and only application hosted on your own server, scenario #1 is probably not particularly interesting to you. However, the defense-in-depth aspects might be more compelling. For example, running under medium trust could help thwart an exploit that attempts to read or write to file system locations outside the target application's directory, and that should be interesting even if you're all alone on your own server.
Upvotes: 1
Related Questions
- CAS Policy error in ASP.NET web Application
- Are there commercially deployed and used .NET CAS (Code Access Security) based applications?
- What is the purpose CAS (Code Access Security)?
- Asp.net Application Security
- Where does a custom CAS policy for ASP.NET have to go?
- Does anyone really use .Net CAS in their apps?
- Question about the working paradigm of Code Access Security (CAS)
- Question about Code Access Security (CAS)
- .net 2.0 assembly security
- Is it necessary to learn about Code Access Security (CAS)?