ASP.NET's Hidden Dangers, Page 2
How to Protect Yourself from Attack
The simple and effective solution to most of the problems identified in this article is to reduce the Web application's trust level from 'Full Trust' to 'Medium Trust' (or ideally to 'Low Trust').
Unfortunately, with the current version of the .NET Framework (1.1), it is very difficult to create powerful 'Partially Trusted' environments.
The only real solution is to publish your Assemblies that require access to the .NET Framework Assemblies that don't have the APTCA (Allow Partially Trusted Callers Attribute) to the GAC (Global Assembly Cache).
This is painful and expensive, but something you will have to do if you want to create a secure Web Application, and if you care about the security of the servers hosting it.
"Only a server where all Web Applications run in 'Partially Trusted' environments HAS THE POTENTIAL to be considered a 'Secure' Server."
"A server that runs Web Applications in 'Full Trust' is insecure by design, by default, and in deployment. Such a server CAN NEVER BE considered a 'Secure' Server."
As mentioned before, this .NET functionality also has benign uses, and will enable a legitimate ASP.NET developer to create powerful and feature rich applications.
It all comes down to a balance between "Functionality vs. Security."
Download the accompanying source code here.
About the Author
Dinis Cruz is an experienced Security consultant based in London (UK) and specialized in ASP.NET Application Security, Active Directory Deployments and Ethical hacking. Dinis is also the creator and main developer of the OWASP's Open Source project: Asp.Net Security Analyser (ANSA). You can contact him at Dinis.firstname.lastname@example.org.