Hi Roland,

> The bigger question, if this is true, is what is witango doing that 
> other app servers aren't doing?

Probably nothing different. 

(Excellent research by the way Roland)

The heart of the issue (that you point to with KB831167) contains this 
text:

"Security Patch q832894 included a fix to make Internet Explorer work 
better with Web servers that reset http connections when requesting 
authentication credentials from the client computer during a POST 
request. However, Web servers that reset an http connection with Internet 
Explorer for other reasons may experience errors when Internet Explorer 
attempts to reset the connection to the server."

[Above from] http://www.microsoft.com/downloads/details.aspx?FamilyID=254EB128-5053-48A7-8526-BD38215C74B2&displaylang=en

I think it's obvious that the MS Engineers just didn't think of 
everything when putting this patch together. 

There is a wide range of different ways to use HTTP, and this is not the 
first time MS missed something when putting a Security patch together.

Remember the IIS Lockdown tool? It has an optional component called 
URLScan that is designed to stop malicious attacks to IIS, by filtering 
them at the HTTP level with an ISAPI filter (before it reaches application 
files or the underlying OS).

One of the problems with URLScan (under its default configuration) is 
that it didn't allow for application files with extensions other than 
*.asp and a few others. So Witango, PHP, ColdFusion and even FrontPage 
Extensions stopped working after installing URLScan.

The following article shows how to fix URLScan for ASP.NET for example. 
MS even broke its own great new web technology - sad, but true.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;815155

Hope this helps. Cheers....

Scott Cadillac,
403-281-6090 ~ [EMAIL PROTECTED]
------------
XML-Extranet ~ http://xmlx.ca ~ http://forums.xmlx.ca
Well-formed Programming in C# .NET, Witango, MSIE and XML
------------
Witango ~ http://witango.org
EasyXSLT ~ http://easyxslt.ca
IIS Watcher ~ http://iiswatcher.ca
------------


-----Original Message-----
From: Roland Dumas <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Sat, 21 Feb 2004 08:50:42 -0800
Subject: Re: Witango-Talk: MS Security patch preventing postargs from 
being submitted

> 
> On Feb 21, 2004, at 8:48 AM, Mike R. M. Young wrote:
> 
> > Well that explains a few weird bits. It has only been noted on my own
> > machine in this office, (running NT4 server fully updated) and would 
> > only appear to happen later in a given day. I.e., when the ram is 
> > heavily fragmented from a day's use. I chalked it up to lack of ram
> > and fragmented memory, but this makes much more sense.
> >  Is there a solution? The next MS Security patch for instance?
> 
> the report is:
>   Breaks it:
> MS04-004 Cumulative Security Update for Internet Explorer (832894)
> 
> Fixes it:
> Microsoft KB831167
> 
> The bigger question, if this is true, is what is witango doing that 
> other app servers aren't doing?
> 
> ________________________________________________________________________
> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
