Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’d like to know which are the security risks of running an asp net application with an administrator account.
I might end up doing this and I’d like to be aware of the known security wholes I would have.
I’m connecting to a sql server using sql authentication so excessive privileges to execute queries is out of the list.
I am having trouble coming up with a scenario where this would actually make sense — you can always delegate specific permissions to a named user to get them the specific admin-style rights they need.
As for the question at hand, direct risk isn’t any greater than any other web application inasmuch as a web app is a big honking hole through your firewall. The indirect risk is very, very scary. You are trying to turn the clock back to 2000 when IIS5 was setup to run as local system making every single case of “IIS can be made to run arbitrary commands” into “anyone can own your box over port 80.”
If you do have to do this, I’d consider putting firewalls behind the server too. That way, when it does get rooted, you’ve got some defenses. I’d also use unique accounts, etc.