asp.net - System.Diagnostics will allow user kill their own process in IIS7 -

-

hosted customers in iis7 can use asp.net , system.diagnostics list system's process id. can kill ones belong own application pools. seems big security problems in iis7 shared hosting environment. suggestions on how prevent normal users accessing system.diagnostics? how limit administrators only?

unlike windows 2003 , iis6, many shared windows 2008/iis7 hosting environments provide customers dedicated application pools , full trust.

whilst customers may able launch , kill own processes (including own worker processes), provided identity of account site runs under locked down no real harm can done. benefit customer having code kills own application pool (other force restart of worker process allow application_start type events fire if need reload settings there)?

i work shared hoster, provide customers ability start, stop , recycle dedicated pools via our admin system, doing in code pretty same thing.

the worst can happen customer launches process consumes large amounts of memory or excessive amount of cpu (but own asp.net code can run away out of control doing same). monitor our servers continuously such anomalous behaviour , can track down culprit within 2-3 minutes of being alerted. end user friendly warning , told not again, if site instantly shut down.

the time i'd worried if hoster running shared pools @ full trust, if they're doing have whole other security headache overcome, process killing least of worries.


Comments

Post a Comment

Popular posts from this blog

c# - how to write client side events functions for the combobox items -

-
<dx:aspxcombobox id="aspxcombobox2" runat="server" clientidmode="autoid" selectedindex="-1" onselectedindexchanged="aspxcombobox1_selectedindexchanged1" > <clientsideevents selectedindexchanged="function(s, e) { grid.selectrows();}" /> <items> <dx:listedititem text="selecte rows" /> <dx:listedititem text="unselectall" /> </items> </dx:aspxcombobox> i want write event "unselect all" item in combobox. how can this? you'll need write javascript function iterates thru combo-box , marks selected items false. see select/unselect checkbox fields using pure javascript , html sample code msdn:
Read more

exception - Python, pyPdf OCR error: pyPdf.utils.PdfReadError: EOF marker not found -

-
pypdf throws exception: pypdf.utils.pdfreaderror: eof marker not found i don't need fix pypdf, need eof error cause "except" block execute , skip on file, doesn't work. still causes program stop running. background: batch ocr program pdfs python, pypdf, adobe pdf ocr error: unsupported filter /lzwdecode ... saga continues. i got 10,000 pdfs in folder. ocrd, not. can't tell 'em apart. step 1 figure out ones not ocrd , ocr (see other threads details). so i'm using pypdf. exceptions related unrecognized characters , unsupported filters when try read text. guestimated if throws exception, it's got text in , doens't go in list. problem solved, right? so: pypdf import pdffilewriter, pdffilereader import sys, os, pypdf, re path = 'c:\users\homer\documents\my pdfs' filelist = os.listdir(path) has_text_list = [] does_not_have_text_list = [] pdf_name in filelist: pdf_file
Read more