Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: ASP.NET Website Programming Problem-Design-Solution
This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old October 6th, 2004, 03:49 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: Atlanta, Georgia, USA.
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default ASP.NET Forms Auth security problem

Everyone who uses ASP.NET should look at this article about a name canonicalization security bug:

http://support.microsoft.com/?kbid=887459

This explains an easy work-around for this problem that just needs a couple lines of code added to global.asax, or the code-behind for this file.

This article doesn't go into detail to expain the risk, but this affects all sites that use ASP.NET Forms Authentication, and it's a serious matter. Ignore this warning at your own risk!

Eric
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
security problem asp net 2 amzar ASP.NET 2.0 Basics 1 August 4th, 2008 10:21 AM
Security In Asp.net 2.0 mallikalapati ASP.NET 2.0 Professional 2 February 11th, 2008 10:15 AM
Forms Auth and Roles ~Bean~ ASP.NET 2.0 Professional 1 August 22nd, 2006 11:35 AM
Dynamically changing Master Pages (Forms Auth) lancer ASP.NET 2.0 Basics 3 July 16th, 2006 10:59 PM
ASP.NET Security unclehughie Wrox Book Feedback 0 July 16th, 2003 03:45 PM



All times are GMT -4. The time now is 02:02 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.