Hosting internet web site under UltiDev Cassini
Ultidev Team
#1 Posted : Tuesday, June 27, 2006 10:24:51 AM(UTC)

Is it possible? Yes.
Is it a good idea? Probably not.

UltiDev Cassini was designed to be an intranet/group-level web server. Its primary advantage over the competition is that it is very easy to redistribute Cassini along with your applications and thus deliver your web apps to customers who don't have the IT staff necessary to set up and maintain IIS. Cassini is not designed to be on the edge of your network facing the Internet and never-ending hacker attacks. It was designed to be used inside LANs, behind firewalls. To simplify application development, the UltiDev Cassini service runs under the powerful "Local System" account, which allows access to or modification of just about any file on the system by the application, at the price of making the system more vulnerable to outside attacks. For public web sites we recommend using IIS. (We are working on HttpVPN™ - a solution that will eventually allow intranet web applications to be accessible on the Internet in a secure manner.)

Having said that, here's what you can do to lock Cassini down if you absolutely must use UltiDev Cassini to host an Internet web site:
- Change the identity of the Cassini service process. By default it is "Local System" - a very powerful account. Use "Network Service" or another account with very limited privileges. (This will make Cassini Explorer a read-only application.)
- Disable Cassini Explorer by manually removing its entry from the CassiniMetabase.xml file located in the "C:\Documents and Settings\All Users\Application Data\UltiDev\Cassini\" folder.
- Give "Network Service" (or whichever account you selected instead of SYSTEM) Read access rights to the "C:\Documents and Settings\All Users\Application Data\UltiDev\Cassini\" folder and all its contents. Also grant "Network Service" Write access to "C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files".

These measures, however, do not make it as secure as IIS. If you decide to go with it anyway, have your site regularly checked by a Nessus scan or a similar tool that attempts to find known exploits in your setup.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
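
A read-only Windows PowerShell audit of the three lockdown steps in the post above, added here as an example; it is not UltiDev code. Assumptions: the service name is a placeholder you must fill in, the account is written the way it appears in ACLs, and the Cassini Explorer metabase entry is assumed to contain the text "Cassini Explorer" (the post does not show the file's schema).

```powershell
# Added example (not UltiDev code): read-only audit of the lockdown steps listed in the post.
param(
    [string]$ServiceName = '<CASSINI-SERVICE-NAME>',  # placeholder: take the real name from services.msc
    [string]$Account     = 'NT AUTHORITY\NETWORK SERVICE',
    # Both paths are quoted from the post.
    [string]$ConfigDir   = 'C:\Documents and Settings\All Users\Application Data\UltiDev\Cassini',
    [string]$AspNetTemp  = 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files'
)

function Test-Allowed {
    # True when Allow ACEs naming $Identity directly cover every bit in $Needed.
    # Coarse on purpose: Deny ACEs, group membership and generic-rights ACEs are not resolved.
    param([string]$Path, [string]$Identity, [System.Security.AccessControl.FileSystemRights]$Needed)
    $granted = 0
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $ace.IdentityReference.Value -ieq $Identity) {
            $granted = $granted -bor [int]$ace.FileSystemRights
        }
    }
    return (($granted -band [int]$Needed) -eq [int]$Needed)
}

function New-Result($Check, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

# Step 1: the service must not run as Local System (a missing service also counts as a failure).
$svc = Get-WmiObject Win32_Service -Filter "Name='$ServiceName'"
$isSystem = (-not $svc) -or ($svc.StartName -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$')
New-Result 'Service not Local System' (-not $isSystem) "StartName: $($svc.StartName)"

# Step 2: the Cassini Explorer entry is gone from the metabase.
# ASSUMPTION: the entry contains the literal text "Cassini Explorer".
$metabase = Join-Path $ConfigDir 'CassiniMetabase.xml'
$hits = @(Select-String -Path $metabase -Pattern 'Cassini Explorer' -SimpleMatch -ErrorAction SilentlyContinue)
$removed = (Test-Path -LiteralPath $metabase) -and ($hits.Count -eq 0)
New-Result 'Explorer entry removed' $removed "$($hits.Count) matching line(s) in $metabase"

# Step 3: Read on the config folder, Write on Temporary ASP.NET Files.
$rights = [System.Security.AccessControl.FileSystemRights]
foreach ($t in @(@($ConfigDir, $rights::Read), @($AspNetTemp, $rights::Write))) {
    $ok = (Test-Path -LiteralPath $t[0]) -and (Test-Allowed $t[0] $Account $t[1])
    New-Result "ACL $($t[1]) for $Account" $ok $t[0]
}
```

A `Pass` of `False` on an ACL row can also mean the right is granted only through a group, so confirm by hand before changing permissions.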