Tales from the Evil Empire

Bertrand Le Roy's blog


Bertrand Le Roy


Browse by Tags

All Tags » Security (RSS)
Recovering the admin password in Orchard
These things happen, and it seems hopeless at first: you've locked yourself out of your own site and that's that. Well, not quite. If you still have access to the database there is a way out. Access may be through FTP and WebMatrix or Visual Studio if...
Please read if you have public ASP.NET sites
Yesterday, a new crypto oracle-type vulnerability was publicly disclosed. It is an important vulnerability that is likely to be exploitable on a large proportion of ASP.NET sites, even those that are using configuration settings that were previously considered...
More on medium trust: what permission are you missing?
Yesterday, I asked some questions about your usage of medium trust. Thank you all for the great answers and comments (but don’t read too much into that, I’m just playing with stuff). If you haven’t answered yet, feel free to do so. Now I have an additional...
How important is medium trust to you?
I would be very grateful if you could drop me a note in comments answering the following questions: Do you run all, some or none of your web sites in medium trust? Why do you choose to run in that trust level? Are your sites externally hosted and if so...
How to choose a client template engine
Disclaimer: I worked on the Microsoft Ajax 4.0 template engine, so my criteria are of course heavily influenced by our own design. Templates are a data rendering method that server-side developers have enjoyed since the old days of classic ASP and PHP...
New tools to prevent SQL injection attacks
I've blogged in the past about injection attacks. Microsoft publishes additional new tools to detect and protect against injection attacks. The first tool, developed by HP, crawls web sites to automatically detect possible attacks, the second blocks...
Please, please, please, learn about injection attacks!
I answer a lot of posts on the forums of the ASP.NET site. And more often than I would like to, I answer a different question than the one the poster asked, because I happened to easily spot a potential injection attack in the posted code. Now, what is...