Ed's Blog

Object reference not set to an instance of an object

ASP.NET security issue

Hot of the press, Microsoft advises that you stick this :

void Application_BeginRequest(object source, EventArgs e) {
    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {
        throw new HttpException(404, "not found");
    }
}

in your global.asax to avoid unautherized access to files via “canonicalization” - this is stuff like http://dotnet.org.za/../../../mysecretfile.doc etc.

check out the KB article

Published Oct 07 2004, 08:47 AM by eduard

Filed under: .Net and C#, News

Comments

No Comments

Name (required)

Your URL (optional)

Comments (required)

Remember Me?

Enter the numbers above:

Add

dotnet.org.za

This Blog

Syndication

Recent Posts

Tags

Bloggers

Boyz from da hood

Links to cool tools

Tech Sites

Archives

Ed's Blog

ASP.NET security issue

Comments

Leave a Comment