Skip to main content

ASP.NET Security Threat

By Philip Miseldine

Programming

Share:

Free JavaScript Book!

Write powerful, clean and maintainable JavaScript.

RRP $11.95

I’ve been busy fixing the many applications at University today with this new security threat to ASP.NET applications.

Put simply, its a matter of canonicalization that could allow users to enter password protected areas of your sites by simply altering a URL.

A good how-to guide is available on the Microsoft support site, yet no formal fix has yet been released. You can protect your application however, by dropping 5 lines of code into your global.asax (available on the page)

Also for .NET developers, grab the patch for the GDI+ JPEG buffer overrun bug that has also recently been fixed.

Update: You can now download a patch to update your servers. Thanks to tchansen for the heads up.

Philip is a Computer Science PhD student at Liverpool John Moores University. He's still not mastered guitar tabs, never finished Mario, and needs a haircut. He discusses life at http://www.miseldine.com/.

New books out now!

Learn the basics fo programming with the web's most popular language - JavaScript


A practical guide to leading radical innovation and growth.

Integromat Tower Ad