Yukon and HTTP.SYS revisited

Security Briefs


Dan Sullivan pointed out sp_delete_http_namespace_reservation - this is apparently how you undo sp_reserve_http_namespace.

Dan was one of the three authors of the authoritative book on Yukon, A First Look at SQL Server 2005. You should pick it up if you're working in that space.

Thanks Dan!


Posted Jun 26 2005, 09:49 PM by keith-brown

Comments

mihailik wrote re: Yukon and HTTP.SYS revisited
on 06-29-2005 2:40 AM
Keith, may I ask you to tell us about System.Net.HttpListener?

This new component is based on HTTP.SYS, but there is no way to use it from a non-admin account. As you are a security guy, you should know how crazy it is to open an inbound HTTP connection with admin privileges.

Maybe you can share the security scenario of this component.
Keith Brown wrote re: Yukon and HTTP.SYS revisited
on 07-01-2005 10:05 AM
As long as you reserve a set of prefixes ahead of time, you should be able to use HttpListener from a non-privileged account. I've not yet played with HttpListener myself, but if you look at Gudge's post, he shows how to use httpcfg to manage reservations.

http://pluralsight.com/blogs/keith/archive/2005/06/23/11906.aspx#FeedBack
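
The reserve-then-listen pattern from the reply above, as an added example that is not part of the original post or its comments. The prefix `http://+:8080/demo/` and the account SID are placeholders, and the reservation is assumed to have been made once by an administrator with httpcfg.

```csharp
// Added example. Assumed one-time step, run by an administrator (placeholder values):
//   httpcfg set urlacl /u http://+:8080/demo/ /a "D:(A;;GX;;;<SID of the service account>)"
// GX grants only the right to register the URL; the account needs no other privilege.
using System;
using System.Net;
using System.Security.Principal;
using System.Text;

class ReservedPrefixListener
{
    const string Prefix = "http://+:8080/demo/";  // must match the reserved URL exactly
    const int ErrorAccessDenied = 5;              // Win32 ERROR_ACCESS_DENIED

    static int Main()
    {
        // Report whether the process is elevated; the goal is that it is not.
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        bool isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
        Console.WriteLine("Running as administrator: " + isAdmin);

        using (var listener = new HttpListener())
        {
            listener.Prefixes.Add(Prefix);
            try
            {
                listener.Start();  // HTTP.SYS checks the reservation ACL at this point
            }
            catch (HttpListenerException ex)
            {
                // Any other failure (port in use, bad prefix) is not a reservation problem.
                if (ex.ErrorCode != ErrorAccessDenied) throw;
                Console.Error.WriteLine("No reservation grants this account " + Prefix);
                return 1;
            }

            // Serve a single request, then exit.
            HttpListenerContext ctx = listener.GetContext();
            byte[] body = Encoding.UTF8.GetBytes("served without admin rights\n");
            ctx.Response.ContentType = "text/plain";
            ctx.Response.ContentLength64 = body.Length;
            ctx.Response.OutputStream.Write(body, 0, body.Length);
            ctx.Response.Close();
        }
        return 0;
    }
}
```

Run under the unprivileged account, the program should print `False` for the administrator check and still start listening; without the reservation it exits with the access-denied message instead.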
mihailik wrote re: Yukon and HTTP.SYS revisited
on 07-01-2005 10:30 AM
Thank you very much, Keith. I'll try to realize how to use it the right way.

And congratulations on becoming a Visual Developer Security MVP! We are two of nine currently :-)
Dinis Cruz @ Owasp .Net Project wrote Http.Sys research
on 11-28-2005 3:19 AM


INF: Http.sys Registry Settings for IIS
Using Http.Sys to receive messages with WSE 2.0, HTTP.SYS...
