I’ve been busy fixing the many applications at University today with this new security threat to ASP.NET applications.

Put simply, it's a matter of canonicalization that could allow users to enter password-protected areas of your sites by simply altering a URL.

A good how-to guide is available on the Microsoft support site, but no formal fix has been released yet. In the meantime, you can protect your application by dropping 5 lines of code into your global.asax (the code is available on that page).
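One way to refuse non-canonical request paths from global.asax, as an added example that is not the code from the Microsoft guide and is not a substitute for it. The class name `Global`, the helper `IsCanonicalPath` and the choice of a 404 response are assumptions made for illustration.

```csharp
// Added illustration; not the code from the Microsoft how-to guide.
// The class name Global and the helper IsCanonicalPath are assumptions.
using System;
using System.IO;
using System.Web;

public class Global : HttpApplication
{
    // True only when the physical path ASP.NET resolved for this request
    // is already in the form the file system would normalize it to.
    private static bool IsCanonicalPath(string physicalPath)
    {
        try
        {
            string canonical = Path.GetFullPath(physicalPath);
            return string.Equals(canonical, physicalPath, StringComparison.Ordinal);
        }
        catch (ArgumentException) { return false; }      // illegal characters
        catch (NotSupportedException) { return false; }  // malformed path
        catch (PathTooLongException) { return false; }   // over the path limit
    }

    // BeginRequest fires before the authentication and authorization
    // stages, so the request is refused before any access rule is matched.
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (!IsCanonicalPath(Request.PhysicalPath))
        {
            // Leave a trace so rejected requests can be reviewed later.
            System.Diagnostics.Trace.WriteLine(
                "Rejected non-canonical request path from " + Request.UserHostAddress);
            throw new HttpException(404, "Not found");
        }
    }
}
```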

Also for .NET developers, grab the patch for the GDI+ JPEG buffer overrun bug that has also recently been fixed.

Update: You can now download a patch to update your servers. Thanks to tchansen for the heads up.

Philip is a Computer Science PhD student at Liverpool John Moores University. He's still not mastered guitar tabs, never finished Mario, and needs a haircut. He discusses life at http://www.miseldine.com/.
