I have written my own web server in c++, and now I want it to run with real time priority, but for changing the priority to real time one needs the application to be running in elevated mode. Hence my question Is running a HTTP server elevated a security risk?
Thanks.
This question is a bit too broad. But, yes it is a security risk. If a user finds an exploit in your web server, either accidentally or maliciously, he or she may use that exploit to possibly execute code in the security context under which your web server runs... which in your case will be fully elevated, meaning the attacker can thoroughly and completely own your entire server. This is precisely why we don't run web servers under Local System or other administrator accounts. Noobixide's comment is totally valid as well. If an attacker figures out how to DoS your web server, it will be running with real-time priority, and the operating system will be helpless to stop or throttle it. Your entire server will become unusable.
