|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Role-based-Security... just switch it offI am trying to implement role based security in my C# program (define generic user, define roles and a generic principal during startup of the program). With "[PrincipalPermission(SecurityAction.Demand, Name=@"xxx", Role=@"yyy")]" I am trying to protect some areas of the code. A good example is the role "Teller1000$" and "Teller1Mio$". The first guy is allowed to do transactions up to 1000$, the second guy up to 1Mio. It is crutial that these demands are enforced. But if I open a command line and type "caspol -security off" everybody is allowed to do everything!!!!!! What is an elegant way to make sure, that my security policies cannot be switched off? Are there other ways to go around role based security which i have close? thanks a lot Daniel Hi,
well - you can only do a caspol -s off if you are an administrator. Users with administrative privileges can do everything to your system or your application. Besides that you can check if SecurityManager.SecurityEnabled is true. ----- Dominick Baier (http://www.leastprivilege.com) Show quoteHide quote > Hi all, > I am trying to implement role based security in my C# program (define > generic user, define roles and a generic principal during startup of > the program). > With "[PrincipalPermission(SecurityAction.Demand, Name=@"xxx", > Role=@"yyy")]" I am trying to protect some areas of the code. > A good example is the role "Teller1000$" and "Teller1Mio$". The first > guy is allowed to do transactions up to 1000$, the second guy up to > 1Mio. > It is crutial that these demands are enforced. > But if I open a command line and type "caspol -security off" everybody > is allowed to do everything!!!!!! > What is an elegant way to make sure, that my security policies cannot > be switched off? > Are there other ways to go around role based security which i have > close? > thanks a lot > Daniel "Daniel" <daniel.ul***@it-designers.de> wrote in message <snip>news:1166434726.788855.310870@73g2000cwn.googlegroups.com... > What is an elegant way to make sure, that my security policies cannot Do not depend on client-side functionality to impose principal-based > be switched off? security. Client-side permission verifications can be helpful with respect to functionality (e.g.: disabling/hiding buttons for actions that a user is not allowed to perform) and performance (avoid creating network traffic for actions that the user is not allowed to perform). However, the ultimate decision whether to permit an action should only be made on the machine affected by that action or on a machine is part of a trusted subsystem from the perspective of the target machine. (And client machines should generally not form part of a trusted subsystem for any server.) > Are there other ways to go around role based security which i have Yes. For example, your assembly could be modified to remove the permission > close? verifications. However, you can't completely prevent such things, so your only secure approach is not to rely purely upon client-side permission verifications. 
Other interesting topics
Impersonating when creating a process from inside a SQL Server Assembly
GetOwner and IdentityNotMappedException SecurityException: Request failed in LoadControl AES with SslStream token elevation Recognising user by their Network login Validate Signed XML against X.509 Certificate in .NET Validate Signed XML against X.509 Certificate in .NET Config Info in DMZ Need help parsing the Security Log's EventLogEntry.message |
|||||||||||||||||||||||
