I came across an interesting article about errors occurring outside the context of a request. Apparently, such errors will put an end to your worker process. Source code for a module to catch and log such errors are included in the article, check it out!
Unhandled exceptions cause ASP.NET-based applications to unexpectedly quit in the .NET Framework 2.0.
Software security blog by André N. Klingsheim, who's learning to love .NET and Microsoft servers.
Disclaimer
Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).
Oct 30, 2010
Oct 16, 2010
Some highlights from the RSA Euro conference '10
I just got back from London and the RSA Europe conference, I've had a great week! In addition to a solid program, the conference is a hotspot of highly skilled professionals. I ended up in a lengthy discussion at the Microsoft stand on the possibilities of the new Forefront Threat Management Gateway (TMG), and the Unified Access Gateway (UAG). One chat with a Microsoft professional, and I learned that the UAG is much more versatile than the official webpages indicate. Of course, I had many more interesting conversations with both sponsors and visitors to the conference. I have to mention that I was fortunate enough to bump into Steve Lipner from Microsoft while I was on my way from one session to another. I happened to be carrying around my SDL-book, he was kind enough to sign it. Good stuff!
I'll summarize some of my favorite sessions from the conference:
I'll summarize some of my favorite sessions from the conference:
Oct 6, 2010
Keep ASP.NET error pages out of search engines
In a production environment, users should not be presented the default ASP.NET error pages. Instead they should be offered clean, understandable error pages giving them a sensible explanation of the error, along with suggestions to continue their journey on the website. Besides usability concerns, it's also an important security practice to not leak details about application details to those who might tinker with your application!
In ASP.NET, the customErrors configuration element is used to handle error situations. However, the behaviour of the custom errors is somewhat counterintuitive, as you might end up with your error pages indexed by search engines.
In ASP.NET, the customErrors configuration element is used to handle error situations. However, the behaviour of the custom errors is somewhat counterintuitive, as you might end up with your error pages indexed by search engines.
Subscribe to:
Posts (Atom)
Copyright notice
© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.
Read other popular posts
-
Microsoft's widely used e-mail service Hotmail was recently overhauled and rebranded Outlook.com. One of the less known services they pr...
-
Visual Studio Online looks pretty cool so I’ve decided that I'll use it for the next NWebsec release. The project setup was relatively...
-
I just ran into a weird problem while creating a bootable USB-stick, it was impossible to do a full copy of the files from an .iso. I tried...
-
Security headers in an HTTP response There are many things to consider when securing a web application but a definite "quick win...
-
I guess it was long overdue for me to follow up on my Hardening Windows Server 2003 SSL/TLS configuration and Windows server 2003 vs 20...
-
The release of Firesheep a week ago brought a lot of attention to a problem that has been known for many, many years: cookies sent over both...
-
Though Windows Server 2003 has been around for a while, we'll still see them around the Internet for many years to come. Despite their u...
-
Just a quick note on an error I often run into when I'm working on my Azure applications. I usually create Azure packages and upload the...
-
The .NET 4.5 framework was released a couple of months ago and it included several improvements in the security area. To benefit from these ...
-
OWASP recently released their Top Ten 2013 list of web application vulnerabilities. If you compare the list to the 2010 version you’ll see t...