Are there possible security concerns with exposing system.dll via web service?
https://stackoverflow.com/questions/4911573
-
29-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm curious what damage someone could do with just access to the System.dll namespace in C#.
I was playing around with dynamic code compiling and created a simple website which allows me to type in C# code. This is passed via web service to a class which complies and runs the code in a new thread and returns (code must return a string) the result via the WS and is displayed on the web page.
Right now I have a simple check to abort the thread if it runs for more than 5 seconds to ensure something simple like an infinite loop won't crash things.
"Hypothetically" speaking if I published this web application could someone do serious/any damage to a web server with just access to System.dll?
**bonus points for some sort of example! :)
No correct solution
