Is there really a problem running an application under full trust as long as it is possible to control the configuration of the machine?

+3  A: 

Define "ok"

Full Trust means that the application can pretty much do anything it wants; however, it's limited by the application pool it runs under. For example, if you run it as Network Service it's not going to be able to access C:\windows, but it could use impersonation to log in as the administrator account (if you also had the password) and then run wild.

blowdart
+3  A: 

Full trust gives the application a lot of power:

From http://msdn.microsoft.com/en-us/library/tkscy493.aspx

Specifies unrestricted permissions. Grants the ASP.NET application permissions to access any resource that is subject to operating system security. All privileged operations are supported. This setting is named Unrestricted in the AspNetHostingPermissionLevel enumeration.

So I would say avoid it if at all possible, especially if using code from other sources.

I view it as the equivalent to running Windows apps as Admin.

Be sure to read the comment from blowdart with regards to how ACLs affect permissions.

I guess what I meant is that while it is not the same as running as Admin, it's a case of "more permissions than required" - I always keep in mind as a rule of thumb you should only ever give the minimum required for the application to function.

Rob Cooper
Ah but it's not. Even running an ASP.NET application in full trust the ACLs come into play, so if you're running the application pool as a limited account then it's still hard to do things like wander outside your application directory, get access to DPAPI encryption keys, access the certificate store, etc.
blowdart
Very true.. Updated to make sure people read your comment :)
Rob Cooper
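
The answers above separate two limits: the ASP.NET trust level and the ACLs that apply to the account the application pool runs as. The following added example (not part of the original answers; the class name `TrustReport` is hypothetical, and it assumes a .NET Framework ASP.NET application using System.Web) reports both from inside the running application.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Web;

public static class TrustReport // hypothetical helper name
{
    // Ordered from most to least privileged; the first Demand() that
    // succeeds is the level the application was actually granted.
    private static readonly AspNetHostingPermissionLevel[] Levels =
    {
        AspNetHostingPermissionLevel.Unrestricted, // <trust level="Full" />
        AspNetHostingPermissionLevel.High,
        AspNetHostingPermissionLevel.Medium,
        AspNetHostingPermissionLevel.Low,
        AspNetHostingPermissionLevel.Minimal
    };

    public static AspNetHostingPermissionLevel CurrentTrustLevel()
    {
        foreach (AspNetHostingPermissionLevel level in Levels)
        {
            try
            {
                new AspNetHostingPermission(level).Demand();
                return level;
            }
            catch (SecurityException)
            {
                // Level not granted; fall through to the next lower one.
            }
        }
        return AspNetHostingPermissionLevel.None;
    }

    public static string Describe()
    {
        string account;
        try
        {
            // The OS identity whose ACLs still apply, even in full trust.
            account = WindowsIdentity.GetCurrent().Name;
        }
        catch (SecurityException)
        {
            // Lower trust levels may not grant the permission to read this.
            account = "(not readable at this trust level)";
        }
        return "Trust level: " + CurrentTrustLevel() + "; process identity: " + account;
    }
}
```

The trust level itself is set with the `<trust level="..." />` element under `<system.web>` in web.config.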