Writing Secure Code - Best Practices

Comments

# Mike said on February 19, 2004 12:21 PM:

"...as he always does."

Yeah right. I HAD to help you out, otherwise you wouldn't stop giving me grief for jamming out of the Winnipeg .NET User Group meeting last week!

;)

It was fun.

# Nikhil said on February 19, 2004 02:03 PM:

Hi Joel,
I thought your seminar was really useful and it gave me a lot to chew over. One of the main things that I liked was the concept of developing on ASP.NET with non-admin user privileges.
However I noticed one thing, which I find, is a general issue with concept of development with least privilege. You still need to run certain apps in admin mode.
In large organizations, typically, you are given one user id and that's it. Nobody would part with admin user ids to non network admin people. So if your user id has low privileges and you don’t have an admin user id to use then you’re stuck :)
I currently develop on Win 2K Professional with VS.NET 2002 (Yeah I know its "old" but that’s what our company standardized on).
Is there anyway to manage the IIS web server without using runas? How would you deal with such a situation?

# Paul said on February 20, 2004 08:00 PM:

Great job on the webcast!

You're welcome to grab them from my blog if ya like..
http://paul.bz/blog/posts/277.aspx

# Le said on March 6, 2004 07:26 PM:

Hello. I enjoyed your webcast, Writing Secure Code. I am trying to download the demos from www.dotnetwired.com I checked the download link but was not allowed access. Could you please advice what I am suppose to do?

Thank you,
Le
thumb90@hotmail.com

# Joel Semeniuk said on March 7, 2004 12:12 PM:

I didn't post the slides on www.dotnetwired.com like I said I would. You can find information on where I placed them here:
http://weblogs.asp.net/jsemeniuk/archive/2004/02/24/79627.aspx