Programming
Article

ASP.NET Security Threat

By Philip Miseldine

I’ve been busy fixing the many applications at University today with this new security threat to ASP.NET applications.

Put simply, its a matter of canonicalization that could allow users to enter password protected areas of your sites by simply altering a URL.

A good how-to guide is available on the Microsoft support site, yet no formal fix has yet been released. You can protect your application however, by dropping 5 lines of code into your global.asax (available on the page)

Also for .NET developers, grab the patch for the GDI+ JPEG buffer overrun bug that has also recently been fixed.

Update: You can now download a patch to update your servers. Thanks to tchansen for the heads up.

Recommended
Sponsors
Because We Like You
Free Ebooks!

Grab SitePoint's top 10 web dev and design ebooks, completely free!

Get the latest in Front-end, once a week, for free.