Browse by Tags

• Security

ASP.NET ValidateRequest does not mitigate XSS completely

As a security guy, I can safely say that there is no magic bullet to mitigate any security problems completely, and cross-site scripting(XSS) bugs are not exceptions. Since ASP.NET 1.1, ValidateRequest can be configured in web.config to check and reject Read More...

Posted 19 October 07 02:26 by esiu | 5 Comments   
Filed under IIS, Security

What is the maximum size of post requests to IIS?

ASP applications are protected, but what happens to non-ASP requests? Currently, there is no limit. MaxRequestEntityAllowed is currently not set, but ASPMaxRequestEntityAllowed is set to 200k ASP is simply a type of ISAPI, so obviously, the more restrictive Read More...

Posted 18 November 04 03:33 by esiu | 0 Comments   
Filed under IIS

Search

This Blog

• Home
• About
• Email

Tags

• <script>alert()</script>
• Developer Productivity
• Exchange server
• IIS
• Infoworker Productivity
• Mobile Phone
• Security

Archives

• November 2008 (2)
• October 2008 (3)
• March 2008 (1)
• November 2007 (1)
• October 2007 (8)
• September 2007 (6)
• May 2007 (2)
• April 2007 (1)
• March 2007 (1)
• February 2007 (3)
• January 2007 (2)
• July 2005 (1)
• March 2005 (2)
• February 2005 (1)
• January 2005 (2)
• December 2004 (1)
• November 2004 (3)

ACE Team

• ACE Team

Syndication

• RSS 2.0
• Atom 1.0