Questions tagged [least-privilege]
27 questions
18 votes, 2 answers
Restricted PostgreSQL permissions for web app
Goal
Create a database with three users and restrict their privileges (I'm just thinking out loud, so my user separation is also open to correction):
Superuser - this user allows for the very initial provisioning of the database. Create the…

user2152081
- 777
- 1
- 9
- 17
11 votes, 2 answers
Entity Framework Inserts require Select permissions
We use LINQ to Entities to write entries into an Audit database (SQL Server 2008). Since this is a dedicated Audit database, we only insert rows - we never read any rows, update or delete them from the auditing application.
The auditing application…

Mark Seemann
- 225,310
- 48
- 427
- 736
4 votes, 1 answer
Running Heroku Postgres with least privilege
Can I connect to a Heroku Postgres database via a web/application without the risk of dropping a table?
I'm building a Heroku application for a third party which uses Heroku Postgres for the backend. The third party are very security sensitive so…

Mark Sivill
- 825
- 1
- 9
- 18
3 votes, 1 answer
Identity Server by leastprivilege doesn't work properly on Azure
I am trying to implement an architecture that follows the OAUTH2/OIDC protocol. In order to do that, I have STS(Identity Server v3 by leastprivilege), ASP.NET WebApi and ASP.NET MVC application for a client. My goal was to have the STS and REST…

user2128702
- 2,059
- 2
- 29
- 74
3 votes, 1 answer
Virtual Service Account without Network Access, like NT AUTHORITY\LocalService
Background: I'm writing a service and want to give it as few privileges as necessary.
Virtual Accounts (sometimes "Virtual Service Accounts") are a sparsely documented feature new to Windows 7/2008R2 that are automatically managed accounts for…

Fowl
- 4,940
- 2
- 26
- 43
2 votes, 1 answer
Can I AutoCreate an IAM role for a Cloudformation stack from the template?
I've been told to restrict my Cloudformation to only the commands it needs. With a role. To create the role I can spend months going through my template to decide that launching an EC2 instance actually involves 10 different IAM items (like creating…

Max Allan
- 859
- 1
- 8
- 25
2 votes, 1 answer
Principle of Least Privilege with Entity Framework
I am reading up on my security and have a general question.
In a database, users should be granted only the attributes that they require, i.e. select, read, delete etc.
When using Entity Framework as the ORM how can I implement this?
The…

Chris
- 365
- 7
- 19
2 votes, 1 answer
Running an OSX Application with Low Privilege
I have an OSX Application that I am working on. It is not sandboxed (it is an internal application that does things which prevent sandboxing).
At some point my application kicks off an auxiliary application, really just a command line application. I…

vcsjones
- 138,677
- 31
- 291
- 286
1 vote, 0 answers
How can I create an IAM policy on AWS Secrets Manager to grant a group least privilege access. I only grant access to secrets created or owned. Thnx(:
How can I create an IAM policy on AWS Secrets Manager to only give a group/role least privilege access. I want them to only access the secrets they created and own and not any other secrets. Thank you for your help or guidance in advance!
I have…

samaws
- 11
- 1
1 vote, 0 answers
Minimum IAM permissions required to attach SG to EC2 Instance?
When attempting to attach a security group to one of my ec2 instances, I am experiencing a permission-related error:
ERROR - Failed to attach security group to EC2 instance due to the error
software.amazon.awssdk.services.ec2.model.Ec2Exception: You…

Bri
- 386
- 4
- 12
1 vote, 1 answer
CloudFormation refusing to create AWS::KMS::Key with least privilege
Endeavouring to apply the principle of least privilege to a CMK I'm creating, the goal is to create a CloudFormation template that can be used via StackSets to the entire organisation. As a result, I want a key that can be used (kms:Encrypt,…

Robert Swift
- 333
- 3
- 9
1 vote, 3 answers
I want to run my function in a limited account with administrator permission
I want to run my program under a limited user account but with administrator privileges on Windows XP.
I can't find an answer. I think I can use two ways:
Run my program by another way like a program or a service
Run my function with some method like…

imans62
- 33
- 4
1 vote, 1 answer
Principle of least privilege vs User Interface Privilege Isolation
This has always been confusing me. Here is a statement which states "Principle of least privilege" whereas one more statement states, use UIPI to protect applications from low integrity level processes.
As an application I may not do any privileged…

user738471
- 879
- 1
- 8
- 10
1 vote, 0 answers
How do I assert that a SqlCommand runs with lowest possible privileges?
I am securing an ASP.NET/MVC web application running on top of MS SQL. As part of that I have different database connections to perform different things in the website.
EDIT -
Of course it is up to the DBA and Ops people to decide how data is…

hrillo666
- 99
- 1
- 7
1 vote, 1 answer
Disabling the SeDebugPrivilege in C#
I have a program based on WPF in C#, and I want to remove the user's privileges for debugging the application (SeDebugPrivilege) (in Release mode at least). What's the best way to go about this? I've found a couple of ways of doing it in code that…

Alex Marshall
- 10,162
- 15
- 72
- 117