Running with Least Privilege

Users and executable processes should run with no more privilege than is required to perform their tasks.

Note

  • If you use SQL Authentication instead of Windows Authentication for your Commerce Server site, you must take additional steps to ensure that users who access Business Desk and Commerce Server Manager do not have unnecessary privileges in the production environment.

Any serious software flaw that can lead to a security compromise, such as a buffer overrun, does less damage if the compromised software is running with few privileges. Problems occur when a user unintentionally executes malicious code (for example, a Trojan horse in an e-mail attachment, or code injected through a buffer overrun), because that code runs with the full capabilities of the user. The process created when a Trojan is launched inherits the access token of its caller, and with it every group membership and privilege that token carries. If the user is a member of the local Administrators group, the executed code can therefore have full system privileges and access to every object on the computer. The potential for damage is immense.
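The following PowerShell script is an added example, not part of the Commerce Server documentation. It shows the point of the paragraph above on a live system: it reports whether the current process token carries the local Administrators group, demonstrates that a child process (whoami) inherits that token unchanged, and then starts a child with a reduced "Basic User" token instead. It assumes a Windows host with PowerShell 5.1 or later; the choice of cmd.exe as the child and the Get-TokenSummary function name are arbitrary, and the 0x20000 trust level is the value the built-in runas tool lists under runas /showtrustlevels.

```powershell
# Added example (not Commerce Server code): audit the current token, show that a
# child process inherits it, and start a child with a reduced token instead.
# Assumes Windows with PowerShell 5.1+; the child program is an arbitrary choice.

function Get-TokenSummary {
    # Identify the token owner and test for the BUILTIN\Administrators SID.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]$identity
    $isAdmin   = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # Resolve each group SID in the token to a readable name where possible.
    $groups = @(foreach ($sid in $identity.Groups) {
        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $sid.Value }   # unresolvable SID (deleted or remote account)
    })

    [pscustomobject]@{
        User            = $identity.Name
        IsAdministrator = $isAdmin
        GroupCount      = $groups.Count
        Groups          = $groups
    }
}

$summary = Get-TokenSummary
$summary | Select-Object User, IsAdministrator, GroupCount | Format-List

if ($summary.IsAdministrator) {
    Write-Warning ("This process runs as a member of local Administrators; " +
                   "every program it launches inherits that token.")
}

# Inheritance: whoami is a separate process, yet it reports exactly the
# privileges of this PowerShell session because the token is passed through.
Write-Host "`nPrivileges seen by a child process (whoami /priv):"
whoami /priv

# Reduced-privilege launch: the built-in runas tool can start a program with a
# "Basic User" token (trust level 0x20000). In that child the Administrators
# group is present only as a deny-only SID and nearly all privileges are gone,
# even if the caller is an administrator. Compare its output with $summary.Groups.
Write-Host "`nStarting a reduced-privilege child; compare its group list:"
runas /trustlevel:0x20000 "cmd.exe /k whoami /groups"
```

Run it from an ordinary (non-elevated) prompt first and then from an elevated one: the warning and the whoami output change, while the group list inside the Basic User child stays minimal in both cases. Reducing the token at launch is a stopgap for running a tool you must start from an administrative session; the intended design is for the service or user account itself to hold no more than it needs.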

Copyright © 2005 Microsoft Corporation.
All rights reserved.