Ask a Question related to ASP.NET Security, Design and Development.
-
scottrm #1
file traversal
In classic asp you could help mitigate file traversal problems by uncheking the allow parent paths option in IIS home directory/configuration/options which disallowed the use of the ../ syntax. However this does not seem to work in asp.net, any way to enforce this? Also does anyone know a good way to avoid using the ../ syntax for links apart from hard coding the full url path
scottrm Guest
-
problem in binding xml file data to datagrid xml file isgenerated through JSP file
problem it that i am creating xml file using JSP file and i want to bind DataGrid with xml file data that is created using JSP but it will not Bind... -
File Viewer / Bloated file sizes / What is the best file format?
I would like to find a viewer capable of looking at the main Adobe formats as well as the standard formats such as JPG and WMF ... but yet the only... -
Open file, make changes, save file, close, re-open, file contents not changed
I've now run into this several times and it's completely destroyed all of my confidence in Ilustrator CS on Mac. I'm hoping someone can confirm that... -
[BUG] File#rewind, File#syswrite, File#pos on Cygwin build
On the cygwin build of ruby v1.8.0, I have encountered a strange bug when using rewind, syswrite and pos. If you open a file in read/write mode,... -
Confused about locking a file via file.flock(File::LOCK_EX)
I am writing a ruby appl under AIX where I need to update the /etc/hosts table. I would like to make sure that during my update nobody else can... -
[MSFT] #2 RE: file traversal
Hello,
Thank you for the post. Currently I am performing some research on this
issue, to see if there is a proper solution for ASP.NET. I will update you
as soon as possible.
Luke
Microsoft Online Support
Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
[MSFT] Guest
-
[MSFT] #3 RE: file traversal
Hello,
So far as I researched, this option doesn't make sense in ASP.NET. Pretty
much most of IIS settings do not affect asp.net at all. Usually, asp.net
has its own settings (eg. machine.config etc..) that you use for
configuration.
To protect problems related to this issue, we should rely on ASP.NET
security and NTFS security, to restrict user access other folders.
Luke
Microsoft Online Support
Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
[MSFT] Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
