Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Sep 28, 2010

ASP.NET security patch, what's changed

I've snooped around with fiddler to see what changes have been introduced by the patch release today for the ASP.NET framework.

I've seen to notable differences in the behaviour of webresource.axd:

  1. The d parameter is now set to a value much longer than before, it seems it's 50 bytes longer
  2. Tampering with this parameter will not trigger a 500 server error and an entry in the application event log. A regular 404 error is returned to the browser, and nothing is logged in the event log.
My guess is that they have included an integrity check of some kind. Also, they've fixed the problem with error messages distinguishing between the different errors occuring. Now, it's all 404 errors.

Anyhow, it's time to go home from work. Unfortunately, my local time is quite far from PDT. Happy patching!

15 comments:

  1. I like changes if we are talking in general. But I write my academic papers using advices from https://samedaypaper.org/blog/paper-outline and I don't want to change it.

    ReplyDelete
  2. Thanks for this valuable information sharing, and i learned a lot and cleared my all doubts in this.. keep posting like this useful information.
    post free classified ads in india

    ReplyDelete
  3. Thanks for sharing this wonderful information. I hope you will share more helpful information regarding the content.
    web portal development company in chennai

    ReplyDelete
  4. This information is impressive..I am inspired with your post writing style & how continuously you describe this topic.

    apache spark training in bangalore
    Spark Training institute in Bangalore

    ReplyDelete
  5. There are lots of experts which are expert in asp.net coding language which is very sharp language to learn.
    Assignment review

    ReplyDelete
  6. Such kind of security is very helpful for our online business because through this, we can run our online business without any fear. I hope, many businessmen will get benefits through this security system. Dissertation writing services.

    ReplyDelete
  7. یکی از بهترین سایت های موزیک برای دانلود آهنگ سایته: دانلود آهنگ جدید
    می باشد که دارای ارشیو کامل از

    ReplyDelete
  8. Thanks for sharing this informative content. I am very impressed by your user friendly post. I admire your work. We provide technical support for the Roadrunner user like how to Change Roadrunner Email Password of your account. Thanks for sharing this informative content. I am very impressed by your user friendly post. I admire your work. We provide technical support for the Roadrunner user like how to Change Roadrunner Email Password of your account.

    ReplyDelete
  9. I am glad to discover your website. I read your all blog. All are very informative and contain valuable content. Thanks for sharing these blog. I will visit again your website to get the these types of blog. If your AT&T Email Wi-Fi Not Working and want to fix it. Then, call us.

    ReplyDelete
  10. Very Informative Post! first time I visit your blog and I am happy to find this educational post. It is very useful. Thank you for sharing this content with us. Want to Recover Roadrunner Password? If yes, Need technical help, please contact us.

    ReplyDelete
  11. A seafood boil is a popular culinary tradition that involves cooking a variety of seafood, along with other ingredients, in a seasoned broth

    ReplyDelete
  12. woow this is soo good and best amazing about this content
    Sandwich Panel

    ReplyDelete
  13. lets goo and make good days best of all thanks for you

    ReplyDelete

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts