Understanding Security in Microsoft Internet Explorer 6 in Windows XP SP2


Nice doc…


http://www.microsoft.com/downloads/details.aspx?FamilyId=E550F940-37A0-4541-B5E2-704AB386C3ED&displaylang=en

Comments (3)

  1. Kevin Mesiab says:

    A little off topic here Michael, but in response to a blog entry you posted about disabled RAW sockets.

    I need to perform ARP/RARP on my local subnet. Is this now out of the question due to SP2?

  2. Bruno Spinelli says:

    Hi Michael,

    My name is Bruno Spinelli, I'm a Brazilian developer, and I have a question about how the process of choosing the right user under which the application will be executed really works.

    Let’s imagine a scenario here, where I have an ASP.NET application set up on IIS to authenticate every request as an anonymous user (IUSR_xyz), so when the request arrives, IIS will impersonate the request with the IUSR account and will forward it to the ASP.NET ISAPI Extension (because of the *.aspx file extension), so the request will pass through the ASP.NET pipeline.

    My questions are: Who is responsible for the impersonation process in the ASP.NET pipeline? Is the HttpRuntime the one that looks at the web.config to impersonate or not? If this is true, does the HttpRuntime have the logic to know what the version of IIS is to impersonate the right user (5 => ASPNET or 6 => NetworkService), in case the impersonation option is configured to be off in the web config of the application?

    Tks for the attention and the amazing "Write Secure Code" Book !!!

  3. Bruno Spinelli says:

    Hi Michael,

    My name is Bruno Spinelli, I'm a Brazilian developer, and I have a question about how the process of choosing the right user under which the application will be executed really works.

    Let’s imagine a scenario here, where I have an ASP.NET application set up on IIS to authenticate every request as an anonymous user (IUSR_xyz), so when the request arrives, IIS will impersonate the request with the IUSR account and will forward it to the ASP.NET ISAPI Extension (because of the *.aspx file extension), so the request will pass through the ASP.NET pipeline.

    My questions are: Who is responsible for the impersonation process in the ASP.NET pipeline? Is the HttpRuntime the one that looks at the web.config to impersonate or not? If this is true, does the HttpRuntime have the logic to know what the version of IIS is to impersonate the right user (5 => ASPNET or 6 => NetworkService), in case the impersonation option is configured to be off in the web config of the application?

    Tks for the attention and the amazing "Writing Secure Code" Book !!!