Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How useful is partial trust configuration in ASP.NET environment? If I have my own server, which I fully administratively control, setting up partial trust is only useful in types of attacks which somehow manage to upload and execute malicious code, but are not able to touch web.config to raise the trust level. Are such attacks possible?
I’ve beat my head against the wall on this one for a few years. With medium trust you quickly find out many, many 3rd party controls you use can’t cope with medium trust and you don’t always have the source code. As soon as you hit one line of code that must run in full trust and must not be put in the GAC–in my cases there were licensing restrictions on making the components sharable in the GAC–, you’re back to full trust.
My advice:
To date, the only reason I can think that someone must use medium trust is if: discount hosting, your organization demands it (because it’s on a check list), because you’re allowing users to upload dlls on purpose (say if you were running a online decompilation service or a programming contest to let users submit the fastest dll).