tags:

views:

32

answers:

1
Q: 

What are the security issues to consider if shelling out from ASP.Net web app?

I've got an ASP.Net web app that needs to run processing tasks from time to time, based on the actions of an admin user. One of the tasks I'm looking at will require shelling out to run an a command-line app, to securely transfer a file. I have no choice but to use the command-line app I've been provided.

The ASP.Net page in question will call into my dll, and if the dll determines that the command-line app needs to be executed, it will do so.

I'm wondering about the potential security issues around setting this up, though. Is this stupid and/or dangerous? Can anyone comment, or suggest how I might safely tackle this problem?

Thanks.

+1  A: 

A lot depends on what the command line app is and what it can do. The biggest concern would be allowing user input to control what that app does. Is the file that is being transferred uploaded by the user? If so you may have opened yourself up for a trojan horse.

As far as safely tackling this...
Create a user account just for your application and then create a new IIS app pool and set the identity to this account. Configure your web application to use this app pool. Now only give that account permissions to resources required by your web app and command line helper app. When the web app launches this command line helper, it will run the command line process under the same security context as the app pool.

If an attacker tries to commandeer your system by manipulating the command line app, he should be foiled by operating system security. If your web app or helper app require so many privileges to run that the application account must be granted enough privileges that a human logged on locally with that account could modify system settings then you are in a very risky situation. Just say no!.

Mark Arnott  2010-02-22 17:43:06
No, file being transferred is coming in from a financial company and contains transaction information - and the user will have no access to modify any command-line args, except maybe a date parameter. All the helper app does is sFTP a file in from another server, and decrypt it.
Remi Despres-Smyth  2010-02-22 18:08:42
That sounds pretty safe. But it also sounds like you are dealing with sensitive information. So I would be paranoid and go through all the application account creation/configuration steps I mentioned.
Mark Arnott  2010-02-22 19:53:35
Thanks! This is the sort of thing that, to me, looks like there must be some sort of security issue I'm missing. I appreciate the second opinion.
Remi Despres-Smyth  2010-02-22 20:42:12

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps