模仿的替代方法 [英] alternative for impersonation
本文介绍了模仿的替代方法的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
大家好,
我想将文件从一台服务器移到域中的另一台服务器.
我已经通过模拟完成了此操作.
但是使用管理员帐户进行模拟似乎是一个安全问题.
我可以知道模拟的替代方法吗..
hi guys,
i want to move files from one server to another in a domain.
i have accomplished this using impersonation.
but using an admin account for impersonating looks like a security problem.
can i know is there an alternative for impersonation..
推荐答案
您是对的,模拟确实会带来安全风险,如果域管理员登录,这种风险自然会更高.
我曾尝试在网络上搜索有关何时使用模拟的好文章,因为这种取舍非常复杂. Scott Hanselman的帖子 [
You are right, impersonation does pose security risk, this risk is naturally higher if domain admins are logging in.
I''ve tried searching the web for a good article about when to use impersonation as the trade-offs are quite complicated. This Scott Hanselman post[^] is the best I have found. To quote:
You might need impersonation if you need to:
- Flow the original caller''s security context to the middle tier and/or data tier of your Web application to support fine-grained (per-user) authorization.
- Flow the original caller''s security context to the downstream tiers to support operating system level auditing.
- Access a particular network resource by using a specific identity.
这篇关于模仿的替代方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文