I am trying to get your "Security Best Practices" implemented toward the production site, and one of them is:
Write/Modify permissions to the root Images folder
http://manual.aspdotnetstorefront.co...practices.aspx
However, my network admin refused to do so, saying there is a potential security risk in giving write/modify access to the Images folder. He quoted some writing from MSDN like this:
"The biggest security risk of giving the Network Service Account write permissions to folders is experienced in shared hosting or when you run multiple websites on the same server.
Basically, if you grant modify permissions then every other ASP.NET application that server is configured to run as Network Service (all by default) will also have write permissions to that folder, which could be exploited."
Now I cannot upload images through the Admin page and instead I will have to use FTP to place them into the folder.
Is there any risk in reality? If the answer is NO (I agree, because your software is widely used and no one has reported any security holes as far as I know), could you please give me some grounds so that I can persuade him to follow your security best practices?
Thanks.
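
The following is an added example, not part of the original post and not code from the vendor: a PowerShell check that lists which allow entries on a folder give write-type rights to the shared Network Service account described in the MSDN quote. The function name `Get-SharedWriteAce`, the placeholder path and the English-locale account name are assumptions.

```powershell
# Added example: report ACL entries that let a shared account write to a folder.
function Get-SharedWriteAce {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: English-locale name of the shared built-in account.
        [string[]]$Identity = @('NT AUTHORITY\NETWORK SERVICE')
    )

    # Rights bits that allow creating, changing or deleting files.
    $writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete'

    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Identity -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights -band $writeBits) -ne 0)
        } |
        Select-Object @{ n = 'Identity'; e = { $_.IdentityReference.Value } },
                      FileSystemRights,
                      IsInherited   # True means the grant comes from a parent folder
}

# Placeholder path: replace with the site's root Images folder.
Get-SharedWriteAce -Path 'C:\path\to\site\Images'
```

An empty result means the shared account has no explicit or inherited write grant on that folder; any row returned is a grant that every application running under that same account on the server would also hold.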