You didn't get the point. It doesn't mean you should put ALL the config information into SQL, but the parts that define classes within assemblies that should be dynamically loaded, like the state management class, etc. It gives many suggestions. You should use AT LEAST ONE of them.
Excerpt:

Threat: Malicious assemblies are loaded during runtime

Threat target
An application that uses the UIP Application Block

Risk
Because UIP relies heavily on the configuration file, the configuration file can be used as a break-in point for hackers. UIP uses the configuration information to dynamically load assemblies. Additionally, critical information, such as the SQL Server connection string, is stored in the configuration file. This information is at risk because it is in plain text format.

Attack techniques
The attacker deploys malicious assemblies on the client and alters the configuration file to force UIP to load the malicious assemblies. The attacker can then take control of the workflow.

Countermeasures
– Use the Configuration Management Application Block (CMAB) to increase the level of protection for the configuration file needs.
– Specify another resource, such as the SQL Server computer, to provide the configuration information, instead of the traditional ExecutableAssemblyName.exe.config.
– Permit UIP to read "Class" information from the configuration file only, instead of from the entire assembly information. The drawback to this approach is that all assemblies must be known at compile time.
– Declare all assemblies that are part of the application and use SecurityAction.FullDemand.
-- 
RobertK
{ Clever? No just smart. }
"Gerg" <Gerg@discussions.microsoft.com> wrote in message news:A0284E53-08E6-436F-B561-6B58D3EF9D15@microsoft.com...
> Hi,
>
> The UIP documentation states, in Chapter 4,
>
> "Threat: Malicious assemblies are loaded during runtime"
>
> And suggests the following:
>
> "Specify another resource, such as the SQL Server computer, to provide the
> configuration information, instead of the traditional
> ExecutableAssemblyName.exe.config."
>
> My question is: How to specify another resource for the app.config file as
> suggested above?
>
> Any help would be SUPER GREATLY... Thanks
>
> Greg
>
>
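The reply above argues that only the class-loading part of the configuration needs to move out of app.config, and the excerpt's third countermeasure (let configuration name a "Class" only, with every assembly known at compile time) is the one that actually removes the attacker's ability to pull in a foreign DLL. The C# below is an added example, not code from the original post or from the UIP Application Block: it contrasts a loader driven by an assembly-qualified type name read from configuration with a loader that accepts only a class name and resolves it against assemblies referenced at build time. The interface IStateManager, the classes SessionStateManager, SqlStateManager and StateManagerFactory, and the two configuration strings are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;

// Added example (not UIP code). Two ways to turn a configuration value into a
// state-management object; only the second survives an attacker who can edit
// the configuration source (app.config, or the SQL row it was moved to).

public interface IStateManager { string Describe(); }

// Assumed application classes standing in for UIP's state managers.
public sealed class SessionStateManager : IStateManager
{
    public string Describe() { return "session state (in-process)"; }
}

public sealed class SqlStateManager : IStateManager
{
    public string Describe() { return "state persisted to SQL Server"; }
}

public static class StateManagerFactory
{
    // UNSAFE: the value is an assembly-qualified type name. Anyone who can write
    // the configuration source can point it at Evil.dll dropped next to the
    // executable, and Type.GetType will happily load and run that assembly.
    public static IStateManager CreateFromAssemblyQualifiedName(string configValue)
    {
        Type t = Type.GetType(configValue, throwOnError: true);
        return (IStateManager)Activator.CreateInstance(t);
    }

    // Countermeasure: the set of assemblies is fixed when the program is compiled.
    // In a real application list each referenced assembly here; referencing them
    // by type (not by name string) also pins their strong name at build time.
    private static readonly Assembly[] KnownAssemblies =
    {
        typeof(StateManagerFactory).Assembly,
    };

    // Configuration may choose a class, never an assembly, and only a class that
    // implements the interface the caller expects.
    public static IStateManager CreateFromClassName(string className)
    {
        if (string.IsNullOrEmpty(className) || className.IndexOf(',') >= 0)
            throw new ArgumentException("Class name only; assembly-qualified names are not accepted.");

        foreach (Assembly asm in KnownAssemblies)
        {
            Type t = asm.GetType(className, throwOnError: false);
            if (t == null) continue;
            if (t.IsAbstract || !typeof(IStateManager).IsAssignableFrom(t))
                throw new InvalidOperationException(className + " is not a state manager.");
            return (IStateManager)Activator.CreateInstance(t);
        }
        throw new InvalidOperationException("No known assembly defines " + className);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed configuration values, as they might sit in app.config or in a SQL row.
        string legitimate = "SqlStateManager";
        string attack = "Evil.Hijack, Evil, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null";

        Console.WriteLine(StateManagerFactory.CreateFromClassName(legitimate).Describe());

        try { StateManagerFactory.CreateFromClassName(attack); }
        catch (ArgumentException e) { Console.WriteLine("class-name loader rejected it: " + e.Message); }

        // The unsafe loader honours the attacker's string. Without Evil.dll on disk
        // it fails with a load exception; with it, the attacker's code runs.
        try { StateManagerFactory.CreateFromAssemblyQualifiedName(attack); }
        catch (Exception e) { Console.WriteLine("unsafe loader tried to load Evil: " + e.GetType().Name); }
    }
}
```

Restricting configuration to a class name still lets whoever controls that value switch between the legitimate state managers, so it belongs alongside protecting the configuration source itself (the CMAB route, or file and database permissions); moving the string into SQL Server only helps if the row is harder to alter than ExecutableAssemblyName.exe.config was.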