Using Console from the internet zone


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Does anyone have a scenario where
you are using System.Console from the internet zone? style="mso-spacerun: yes"> We are trying to understand if we should
continue to enable using Console from the internet zone in Whidbey. style="mso-spacerun: yes">  Are there any scenarios that benefit
from using Console from the internet zone? "urn:schemas-microsoft-com:office:office" />


 

Comments (8)

  1. Is there a security concern? Why shouldn’t console-based applications be allowed to be served via HREF?

  2. I don’t have a specific scenario, but it seems strange that you would allow a Windows Forms UI, but not a console application. However, even though it seems counter intuitive, I’m all for anything that makes the Framework even more secure.

  3. Dominic Hopton says:

    I’ve never used it, and I think for a program from the internet zone, it’s very suspect to want to use it. I mean, if you look at it, why would you create a console app that launches from the internet zone? for what reason would you deploy a UI that confuses people over the internet? I can see administration tools delivered via the intRAnet being console, but not IntERnet.

    I concur with Brad in some respects. But if it’s not needed, then chuck it. I think if anything it could be used to confuse people into letting it do something nasty.

  4. chris says:

    What exposure does the console class add to the attack surface area? I can’t think of anything particularly nefarious that the console class would allow me to do…

  5. chris says:

    duh. :) from now on, i’ll read the rest of your posts before commenting on one… yes, it seems like there is a well know exploit for the console class, so either 1.) patch console to protect against the backspace attack, or 2.) remove it from internet zone.

  6. Dominic Hopton says:

    The Backspace bug has been patched for a while now, but not on all OS’s.

  7. Brad Abrams says:

    Yup — I just wanted to show the CLASS of issues… not that this
    particular one is the main problem.

  8. Doug McClean says:

    Maybe Console.Beep in Whidbey?