Hosting provider security issues
hosting security issues
ok I'll try it
in the meantime can you give the exact same details as below but for the MySQLDirect for .NET 3.5.14 component
"Then, the following permissions are required by OraDirect .NET:
in Direct mode - medium trust plus SocketPermission;
in OCI mode - medium trust plus ReflectionPermission, RegistryPermission, EnvironmentPermission for PATH environment variable, FileIOPermission for Oracle Client.
"
Saying medium trust is ok is not enough, I am trying to resolve an issue with our hosting provider which is preventing us for getting several websites deployed.
They are asking for detailed security information and saying "medium trust should be ok" is not what they want to hear.
please help me to resolve this issue
Thanks
in the meantime can you give the exact same details as below but for the MySQLDirect for .NET 3.5.14 component
"Then, the following permissions are required by OraDirect .NET:
in Direct mode - medium trust plus SocketPermission;
in OCI mode - medium trust plus ReflectionPermission, RegistryPermission, EnvironmentPermission for PATH environment variable, FileIOPermission for Oracle Client.
"
Saying medium trust is ok is not enough, I am trying to resolve an issue with our hosting provider which is preventing us for getting several websites deployed.
They are asking for detailed security information and saying "medium trust should be ok" is not what they want to hear.
please help me to resolve this issue
Thanks
error message
Hi this is the error we are getting
Server Error in '/' Application.
--------------------------------------------------------------------------------
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.CheckNReturnSO(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 unrestrictedOverride, Int32 create) +0
System.Security.CodeAccessSecurityEngine.Assert(CodeAccessPermission cap, StackCrawlMark& stackMark) +62
System.Security.CodeAccessPermission.Assert() +20
CoreLab.Common.aq.a(Type A_0, String& A_1, Assembly& A_2) +127
CoreLab.Common.aq.a(LicenseContext A_0, Type A_1, String& A_2, Boolean& A_3, String& A_4) +41
CoreLab.Common.aq.a(LicenseContext A_0, Type A_1, Object A_2, Boolean A_3) +1261
CoreLab.MySql.MySqlConnection.Open() +98
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +121
System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) +162
System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) +107
DataSet1TableAdapters.testTableAdapter.GetData() +108
Server Error in '/' Application.
--------------------------------------------------------------------------------
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.CheckNReturnSO(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 unrestrictedOverride, Int32 create) +0
System.Security.CodeAccessSecurityEngine.Assert(CodeAccessPermission cap, StackCrawlMark& stackMark) +62
System.Security.CodeAccessPermission.Assert() +20
CoreLab.Common.aq.a(Type A_0, String& A_1, Assembly& A_2) +127
CoreLab.Common.aq.a(LicenseContext A_0, Type A_1, String& A_2, Boolean& A_3, String& A_4) +41
CoreLab.Common.aq.a(LicenseContext A_0, Type A_1, Object A_2, Boolean A_3) +1261
CoreLab.MySql.MySqlConnection.Open() +98
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +121
System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) +162
System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) +107
DataSet1TableAdapters.testTableAdapter.GetData() +108
Seemingly, you have some security settings changed (different from the default ones) in Microsoft .NET Framework Configuration. Try to debug using these strings:
They react to that permissions the same way.
Code: Select all
FileIOPermission permission1 = new FileIOPermission(PermissionState.Unrestricted);
permission1.Assert();
try {
text2 = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;
}
finally {
CodeAccessPermission.RevertAssert();
}
The detailed security information is:
Code: Select all
Security issues
Hi I understand the hosting party have contacted you directly about this issue and they are now awaiting a response from your sales department.
I hope a positive answer is forthcoming so we can continue to develop our solutions using corelab technology.
Many thanks for your help so far
I hope a positive answer is forthcoming so we can continue to develop our solutions using corelab technology.
Many thanks for your help so far
Security issues
HiI have not heard anything about this issue since last week , and it is now beyond a priority for us.
Can you send me contact details for the relevant party regarding licensing
Thanks
Can you send me contact details for the relevant party regarding licensing
Thanks
Security issues
Hi thanks for providing our hostingparty with the information.
Our developer uses licensened corelab components to develop sites for us. I won't post the license number here for obvious reasons
Our developer uses licensened corelab components to develop sites for us. I won't post the license number here for obvious reasons
Security issues
Hi Aleksey
This is the response of the hosting provider
is there a good answer for them?
"We don't supply socketpermissions for .net. So direct mode doesn't seem
to be the option to use.
We assumed that placing the assembly in the GAC would give it enough
rights. Unfortunately this wasn't the case.
If you want to use the non direct mode libmysql.dll is needed. We don't
want to place this dll in the path or register it on the webserver. Can
Core Lab tell us were to place this dll so the MySQLDirect connector can
find it."
This is the response of the hosting provider
is there a good answer for them?
"We don't supply socketpermissions for .net. So direct mode doesn't seem
to be the option to use.
We assumed that placing the assembly in the GAC would give it enough
rights. Unfortunately this wasn't the case.
If you want to use the non direct mode libmysql.dll is needed. We don't
want to place this dll in the path or register it on the webserver. Can
Core Lab tell us were to place this dll so the MySQLDirect connector can
find it."
Security issues
Thanks to Aleksey this topic has been resolved by copying the libmysql.dll file to the "%:\WINDOWS\assembly\GAC_MSIL\CoreLab.MySql\3.50.14.0__09af7300eec23701\" or
so. folder
Many thanks
so. folder
Many thanks
File IO Permission in Medium Trust
I'm getting the following error trying to use MySqlDirect (3.50.12.0) in medium trust (set by hosting provider) with ASP.NET 2.0.
[SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Reflection.Assembly.VerifyCodeBaseDiscovery(String codeBase) +118
System.Reflection.Assembly.GetName(Boolean copiedName) +59
System.Reflection.Assembly.GetName() +6
CoreLab.Common.am.a(Assembly A_0) +10
CoreLab.Common.ap.a(Type A_0, String& A_1, Assembly& A_2) +1111
CoreLab.Common.ap.a(LicenseContext A_0, Type A_1, String& A_2, Boolean& A_3, String& A_4) +41
CoreLab.Common.ap.a(LicenseContext A_0, Type A_1, Object A_2, Boolean A_3) +1261
CoreLab.MySql.MySqlConnection.Open() +98
MySqlSource..ctor() +93
base_login.Auth_User(String strUser, String strPwd) +33
base_login.btnLogin_Click(Object sender, EventArgs e) +82
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.base_login_aspx.ProcessRequest(HttpContext context) +29
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
The web site was working before the provider changed the trust level on the server to medium (with no advance warning, but that's another issue...). The provider says the ONLY security change they made was setting trust to medium.
I've tried direct=true and direct=false with same result.
I get the same exception on my development box when I set trust=medium in the application's web.config file (again, direct=true or false doesn't fix it), all other security settings are ASP.NET 2.0 defaults.
[SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Reflection.Assembly.VerifyCodeBaseDiscovery(String codeBase) +118
System.Reflection.Assembly.GetName(Boolean copiedName) +59
System.Reflection.Assembly.GetName() +6
CoreLab.Common.am.a(Assembly A_0) +10
CoreLab.Common.ap.a(Type A_0, String& A_1, Assembly& A_2) +1111
CoreLab.Common.ap.a(LicenseContext A_0, Type A_1, String& A_2, Boolean& A_3, String& A_4) +41
CoreLab.Common.ap.a(LicenseContext A_0, Type A_1, Object A_2, Boolean A_3) +1261
CoreLab.MySql.MySqlConnection.Open() +98
MySqlSource..ctor() +93
base_login.Auth_User(String strUser, String strPwd) +33
base_login.btnLogin_Click(Object sender, EventArgs e) +82
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.base_login_aspx.ProcessRequest(HttpContext context) +29
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
The web site was working before the provider changed the trust level on the server to medium (with no advance warning, but that's another issue...). The provider says the ONLY security change they made was setting trust to medium.
I've tried direct=true and direct=false with same result.
I get the same exception on my development box when I set trust=medium in the application's web.config file (again, direct=true or false doesn't fix it), all other security settings are ASP.NET 2.0 defaults.