Browse by Tags
All Tags »
Security (
RSS)
These things happen, and it seems hopeless at first: you've locked yourself out of your own site and that's that. Well, not quite. If you still have access to the database there is a way out. Access may be through FTP and WebMatrix or Visual Studio if...
Yesterday, a new crypto oracle-type vulnerability was publicly disclosed. It is an important vulnerability that is likely to be exploitable on a large proportion of ASP.NET sites, even those that are using configuration settings that were previously considered...
Yesterday, I asked some questions about your usage of medium trust . Thank you all for the great answers and comments (but don’t read too much into that, I’m just playing with stuff). If you haven’t answered yet, feel free to do so . Now I have an additional...
I would be very grateful if you could drop me a note in comments answering the following questions: Do you run all, some or none of your web sites in medium trust? Why do you choose to run in that trust level? Are your sites externally hosted and if so...
Disclaimer: I worked on the Microsoft Ajax 4.0 template engine, so my criteria are of course heavily influenced by our own design. Templates are a data rendering method that server-side developers have enjoyed since the old days of classic ASP and PHP...
I've blogged in the past about injection attacks . Microsoft publishes additional new tools to detect and protect against injection attacks. The first tool, developed by HP, crawls web sites to automatically detect possible attacks, the second blocks...
I answer a lot of posts on the forums of the ASP.NET site. And more often than I would like to, I answer a different question than the one the poster asked, because I happened to easily spot a potential injection attack in the posted code. Now, what is...
More Posts