• Toll-free  888-665-8637
  • International  +1 717-220-0012
Andy Miller
#1 Posted : Friday, September 29, 2006 8:45:37 PM(UTC)

BV Commerce 5 will not run with an unmodified Medium trust level...but you can get pretty close. I recently completed a full code review of my DHL Shipping Rate Provider to see if I could get it to run with Medium trust. Before I could complete my testing I had to get BVC5 running at Medium Trust. The real sticking points were the payment processors and shipping rate providers. The good news is that I now have a surgically modified Medium-like trust policy file:


http://structured-solutions.net/BVC5MediumTrust


This policy file grants the minimum number of permissions above Medium required to run a BVC5 site. You are welcome to share this with your host if they configure sites to run at something less than Full Trust.
Andy Miller
Structured Solutions

Shipper 3 - High Velocity Shipment Processing
CodeSine
#2 Posted : Friday, September 29, 2006 10:04:44 PM(UTC)

Good work, Andy. I might also point out that if you are very serious about security, knowing your host's abilities is more important than ever. For example: with Full Trust, any web application running can scan any other web application on that same server, such as retrieving a listing of files and directories outside of the root where the code executes. Bad.

The solution is to run in Medium trust and open up only the areas that need it (like what Andy has provided); this does not pose such a security risk as Full Trust. However, just because your host is running Medium trust does not mean you are safe. A malicious user can override the host's Medium trust settings if the host has not prevented this with allowOverride="false" in the machine-level web.config file.

Dedicated server clients where you are in full control of your box are ok to run in Full Trust as there will be no unknown shared users on your system.
TIM

BVC Add-Ons and Development
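
An added example, not part of the original posts: a small Python check a host could run against the machine-level web.config to confirm that the trust level is locked with allowOverride="false", as the second post describes. The sample configuration fragments and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples of a machine-level web.config (not taken from the thread).
OVERRIDABLE = """<configuration>
  <location allowOverride="true">
    <system.web>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>
</configuration>"""

LOCKED = OVERRIDABLE.replace('allowOverride="true"', 'allowOverride="false"')

def audit_trust(config_xml):
    """Return (level, locked) for each <trust> element in a web.config.

    locked is True only when the element sits inside a <location> whose
    allowOverride attribute is "false"; the attribute defaults to true.
    """
    results = []

    def walk(node, locked):
        tag = node.tag.rsplit("}", 1)[-1]  # ignore an xmlns prefix if present
        if tag == "location":
            locked = node.get("allowOverride", "true").strip().lower() == "false"
        if tag == "trust":
            # ASP.NET falls back to Full trust when no level is configured.
            results.append((node.get("level", "Full"), locked))
        for child in node:
            walk(child, locked)

    walk(ET.fromstring(config_xml), False)
    return results

def findings(config_xml):
    """List the trust settings that leave a shared server exposed."""
    out = []
    for level, locked in audit_trust(config_xml):
        if level.lower() == "full":
            out.append("trust level is Full")
        if not locked:
            out.append(f"trust level {level} can be overridden by a site web.config")
    return out

if __name__ == "__main__":
    for name, xml in (("overridable", OVERRIDABLE), ("locked", LOCKED)):
        print(name, findings(xml) or "ok")
```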
©2024 Develisys. All rights reserved.