Since you are not running in partial trust - the missing CAS attributes don't
make any difference for that scenario.
You should however strong name the assemblies (generally) - this makes it
harder for someone to replace assemblies on the server - since the public
key token is part of the calling assembly (e.g. the compiled page) an attacker
would have to replace the assembly _and_ the calling assembly.
-----
Dominick Baier (
http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (
http://www.microsoft.com/mspress/books/9989.asp)
[quoted text, click to view] > Greetings,
>
> I have built an ASP.NET (.NET 1.1) based web application for a
> financial services company.
> There are approx. 45 assemblies in the web application, and they are
> all private assemblies (i.e. deployed in the local bin folder).
> Recently, the customer has run a security source code scanning tool to
> detect potential security vulnerabilities in the application.
> One of the common issues that the tool reported is the lack of strong
> name signing of the assemblies and code access security (LinkDemand,
> more specifically) when cross-assembly calls are made.
> Given that this is a web application, accessible only over HTTP, not
> distributed outside of our environment, and the company has previous
> performed a professional external penetration testing of the web
> application - how exploitable is the lack of code signing and CAS in
> this case?
>
> If exploitable, what would be the typical steps a hacker would follow
> to exploit the lack of CAS and are there any other compensating
> controls that can instituted on an immediate basis?
>
> Thanks.
> Harold
