Wrox Programmer Forums
|
BOOK: ASP.NET Website Programming Problem-Design-Solution
This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old October 6th, 2004, 03:49 PM
Friend of Wrox
  
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default ASP.NET Forms Auth security problem
Everyone who uses ASP.NET should look at this article about a name canonicalization security bug:

http://support.microsoft.com/?kbid=887459

This explains an easy work-around for this problem that just needs a couple lines of code added to global.asax, or the code-behind for this file.

This article doesn't go into detail to expain the risk, but this affects all sites that use ASP.NET Forms Authentication, and it's a serious matter. Ignore this warning at your own risk!

Eric





Similar Threads
Thread Thread Starter Forum Replies Last Post
security problem asp net 2 amzar ASP.NET 2.0 Basics 1 August 4th, 2008 10:21 AM
Security In Asp.net 2.0 mallikalapati ASP.NET 2.0 Professional 2 February 11th, 2008 10:15 AM
Forms Auth and Roles ~Bean~ ASP.NET 2.0 Professional 1 August 22nd, 2006 11:35 AM
Dynamically changing Master Pages (Forms Auth) lancer ASP.NET 2.0 Basics 3 July 16th, 2006 10:59 PM
ASP.NET Security unclehughie Wrox Book Feedback 0 July 16th, 2003 03:45 PM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.