2 posts tagged with "security"

GitHub Copilot Coding Agent is an impressive and powerful tool for "autonomously" completing development tasks running in GitHub's environment. Like any tool, there is a learning curve ahead before any of us become truly high functioning, beginning with the statement of a well crafted prompt.

⚠️ But I have a concern: lack of commit signing. Should that stop us from adopting Coding Agent? TL;DR conclusion: time to relax the commit signing requirement.

Problem​

You have an ASP.Net web service/site that needs to access network resources, and IIS is running in a service account that you do not want to have access to those resources.

Solution​

Create a custom network account and setup a separate application pool. Microsoft article How To: Create a Service Account for an ASP.NET 2.0 Application outlines some pros/cons and gives a few alternatives, as well as giving the basic instructions. However, I found that these instructions had to be modified with inclusion of a few extra security rules. Steps: