p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: ASP.NET Website Programming Problem-Design-Solution (http://p2p.wrox.com/forumdisplay.php?f=23)
-   -   ASP.NET Forms Auth security problem (http://p2p.wrox.com/showthread.php?t=19488)

englere October 6th, 2004 03:49 PM

ASP.NET Forms Auth security problem
 
Everyone who uses ASP.NET should look at this article about a name canonicalization security bug:

http://support.microsoft.com/?kbid=887459

This explains an easy work-around for this problem that just needs a couple lines of code added to global.asax, or the code-behind for this file.

This article doesn't go into detail to expain the risk, but this affects all sites that use ASP.NET Forms Authentication, and it's a serious matter. Ignore this warning at your own risk!

Eric


All times are GMT -4. The time now is 12:23 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.