And concordantly, if we don't currently *have* a global.asax file, is it important
that we create one and put this code in it?
From: "Falls, Travis D (HTSC, CASD)" [EMAIL PROTECTED]
I was told to add this to my Global.asax.cs file un the
Application_BeginRequest method
if (Request.Path.IndexOf('\\') >= 0 ||
System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath)
{
throw new HttpException(404, "not found");
}
is this the fix or will there be a more permanent fix you think.
Travis D. Falls |Consultant, Raft.Net IT | 860.547.4070 |
[EMAIL PROTECTED]
-----Original Message-----
From: Charles Carroll [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 10:10 AM
To: [EMAIL PROTECTED]
Subject: [AspNetAnyQuestionIsOk] NEW ASP.net Security Vulnerability - best
explanation
http://pluralsight.com/blogs/keith/archive/2004/10/06/2688.aspx
explains it best.
Yahoo! Groups Links
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If
you are not the intended recipient, please notify the sender
immediately by return email and delete this communication and destroy all copies.
Yahoo! Groups Links
[Non-text portions of this message have been removed]
------------------------ Yahoo! Groups Sponsor --------------------~-->
Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
Now with Pop-Up Blocker. Get it for free!
http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/saFolB/TM
--------------------------------------------------------------------~->
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
