模仿的替代方法 [英] alternative for impersonation

问题描述

大家好，

我想将文件从一台服务器移到域中的另一台服务器.
我已经通过模拟完成了此操作.
但是使用管理员帐户进行模拟似乎是一个安全问题.

我可以知道模拟的替代方法吗..

hi guys,

i want to move files from one server to another in a domain.
i have accomplished this using impersonation.
but using an admin account for impersonating looks like a security problem.

can i know is there an alternative for impersonation..

推荐答案

您是对的，模拟确实会带来安全风险，如果域管理员登录，这种风险自然会更高.
我曾尝试在网络上搜索有关何时使用模拟的好文章，因为这种取舍非常复杂. Scott Hanselman的帖子 [

You are right, impersonation does pose security risk, this risk is naturally higher if domain admins are logging in.
I''ve tried searching the web for a good article about when to use impersonation as the trade-offs are quite complicated. This Scott Hanselman post[^] is the best I have found. To quote:

You might need impersonation if you need to:

• Flow the original caller''s security context to the middle tier and/or data tier of your Web application to support fine-grained (per-user) authorization.
• Flow the original caller''s security context to the downstream tiers to support operating system level auditing.
• Access a particular network resource by using a specific identity.

这篇关于模仿的替代方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！