Webbrowser control security

I am using the Windows.Forms WebBrowser control in my ASP.Net app as a wrapper for the IE ActiveX control.

I already need to do the work with the control in a separate STA thread, so my question is what would be the best principal to use on that thread to ensure the best security when working with pages? I want to run the browser with the least privileges possible.

What would be the best for security:
- Using the default generic Identity
- Using WindowsIdentity.GetAnonymous
- Or creating an account for this purpose and impersonating it

Thanks!

Gilbes
5/1/2009 1:40:39 AM

Hi Gilbes,

Since you want to assign the least permissions, what about creating a new account? Also, you could manage the permissions more easily later.

Thanks.


David Qian
Microsoft Online Community Support

Wencui
5/5/2009 6:27:07 AM
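
The dedicated-account option discussed in this thread, sketched as an added example that is not code from either poster: the STA worker thread logs on a low-privilege account and impersonates it only while the WebBrowser control is alive. The class name `LowPrivBrowserHost`, the method `Render`, and the account parameters are hypothetical; the account itself is assumed to exist already with minimal rights.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;
using System.Windows.Forms;

static class LowPrivBrowserHost   // hypothetical helper, not part of the original post
{
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // user/domain/password are placeholders; load the real values from protected configuration.
    public static void Render(string url, string user, string domain, string password)
    {
        Exception error = null;
        var worker = new Thread(() =>
        {
            IntPtr token = IntPtr.Zero;
            try
            {
                if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                               LOGON32_PROVIDER_DEFAULT, out token))
                    throw new Win32Exception(Marshal.GetLastWin32Error());

                // Impersonation changes only this thread's token, not the worker process identity.
                using (WindowsIdentity.Impersonate(token))
                using (var browser = new WebBrowser { ScriptErrorsSuppressed = true })
                {
                    browser.DocumentCompleted += (s, e) => Application.ExitThread();
                    browser.Navigate(url);
                    Application.Run();   // message loop required by the ActiveX control
                }
            }
            catch (Exception ex) { error = ex; }   // surface failures on the calling thread
            finally { if (token != IntPtr.Zero) CloseHandle(token); }
        });
        worker.SetApartmentState(ApartmentState.STA);   // the IE ActiveX control needs an STA thread
        worker.Start();
        worker.Join();
        if (error != null) throw new InvalidOperationException("Browser thread failed", error);
    }
}
```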