Usually we define IIS web sites which allow anonymous authentication to run under the IUSR_ComputerName account, which has very limited privileges. For example, we may decide it cannot access the file system. How does that make our web site any more secure? The user cannot run code on it anyway - only our website code runs and we make sure it does not cause any harm.

Edit: I understand why it is good to be on the safe side (e.g. IIS exploit). My question is if there is any direct reason. For example, I would never give a guest account full privileges on a SQL server as it would immediately allow him full control over my server. This does not seem to be the case with IIS.

+2  A: 

"we make sure it does not cause any harm"

You can never be sure that it doesn't cause any harm. One day, it might be exploited, and probably the less privileged user would save your data. No offense, but no one writes perfect code, therefore no code is vulnerability-free.

erenon
+1  A: 

If you have any network service you should assume that some random person on the internet has a command prompt on your machine running as that service's owner.

Now ask what damage that user could do?

Martin Beckett
But that socket communicates with a web server which only allows running code I have written.
Yaron Naveh
The socket takes arbitrary data and writes it into memory - if you are good (or lucky) it doesn't execute that data! (If you really don't believe this, look up buffer overflow.)
Martin Beckett
A: 

Typically, you may need to run your web site in a way that is a little less hardened from a security standpoint than, say, a domain server or Exchange. For example, you may need to permit FTP access. Obviously, Internet web sites need to be accessed from the Internet so you cannot simply block all access with your firewall.

Because of the higher vulnerability, it is prudent to run your service with an account that has limited permissions. In the case where a malicious user does succeed in copying their own programs to be run on your server, those programs will have severe limitations as to what they can do.

Glenn
A: 

You can run code on the server, for example you can delete files in a directory if the permissions are not set.

Dustin Laine
How can this be done with POST and GET commands?
Yaron Naveh
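
The answers above come down to what the anonymous account is allowed to touch if the site code or IIS itself is ever made to misbehave. As an added example (not code from any of the posters), this PowerShell audit lists ACL entries under a site's content directory that let that account write or delete. The web root path and the list of identities are assumptions to adjust for your server.

```powershell
# Added example: find file-system ACL entries that let the anonymous web
# identity modify or delete site content.
# Assumptions: $WebRoot and $Identities below are placeholders, not values
# taken from the thread (apart from the IUSR_ComputerName naming).
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot',
    [string[]]$Identities = @("IUSR_$env:COMPUTERNAME", 'IUSR', 'IIS_IUSRS', 'Everyone')
)

# Rights that allow changing or removing content, or re-permissioning it.
$risky = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Some ACEs carry generic access bits instead of file-specific ones.
$genericWrite = 0x40000000   # GENERIC_WRITE
$genericAll   = 0x10000000   # GENERIC_ALL
$riskyMask    = [int]$risky -bor $genericWrite -bor $genericAll

# The root itself plus everything beneath it, including hidden items.
$items = @(Get-Item -LiteralPath $WebRoot) +
         @(Get-ChildItem -LiteralPath $WebRoot -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.Access) {
        # Deny entries only reduce access, so skip them.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # 'NT AUTHORITY\IUSR' -> 'IUSR', 'BUILTIN\IIS_IUSRS' -> 'IIS_IUSRS'
        $name = $ace.IdentityReference.Value.Split('\')[-1]
        if ($Identities -notcontains $name) { continue }

        if (([int]$ace.FileSystemRights -band $riskyMask) -ne 0) {
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Explicit (non-inherited) grants first: those are the ones set on purpose.
$findings | Sort-Object Inherited, Path | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed identities can alter content under the web root; any row with `Inherited` set to `False` is a grant made directly on that file or folder.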