Using Console from the internet zone

Does anyone have a scenario where
you are using System.Console from the internet zone? We are trying to understand if we should
continue to enable using Console from the internet zone in Whidbey. Are there any scenarios that benefit
from using Console from the internet zone?


Comments (8)

  1. Is there a security concern? Why shouldn’t console-based applications be allowed to be served via HREF?

  2. I don’t have a specific scenario, but it seems strange that you would allow a Windows Forms UI, but not a console application. However, even though it seems counter intuitive, I’m all for anything that makes the Framework even more secure.

  3. Dominic Hopton says:

    I’ve never used it, and I think for a program from the internet zone, it’s very suspect to want to use it. I mean, if you look at it, why would you create a console app that launches from the internet zone? for what reason would you deploy a UI that confuses people over the internet? I can see administration tools delivered via the intRAnet being console, but not IntERnet.

    I concur with Brad in some respects. But if it’s not needed, then chuck it. I think if anything it could be used to confuse people into letting it do something nasty.

  4. chris says:

    What exposure does the console class add to the attack surface area? I can’t think of anything particularly nefarious that the console class would allow me to do…

  5. chris says:

    duh. 🙂 from now on, i’ll read the rest of your posts before commenting on one… yes, it seems like there is a well know exploit for the console class, so either 1.) patch console to protect against the backspace attack, or 2.) remove it from internet zone.

  6. Dominic Hopton says:

    The Backspace bug has been patched for a while now, but not on all OS’s.

  7. Brad Abrams says:

    Yup — I just wanted to show the CLASS of issues… not that this
    particular one is the main problem.

  8. Doug McClean says:

    Maybe Console.Beep in Whidbey?

