guidelines for secure ASP pages

From: Graham Coles (graham.coles@RETAIL-LOGIC.COM)
Date: Tue May 01 2001 - 10:32:15 PDT

Next message: Kev: "Re: Re-RSA and large numbers"

Previous message: Justin Young: "Re: How many people write secure programs?"
Next in thread: Deleersnyder, Sebastien: "Re: guidelines for secure ASP pages"
Reply: Deleersnyder, Sebastien: "Re: guidelines for secure ASP pages"
Reply: Arvind Shyamsundar: "Re: guidelines for secure ASP pages"
Reply: Jerry Connolly: "Re: guidelines for secure ASP pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Someone recently asked me about this - are there any URLs
or text files that provide a routine checklist of things to be
avoided when writing web pages using asp (ie not hardcoding
passwords etc)?

The question was based around not being able to obtain the
source of an asp page from IIS 4 (NT) - I've seen a number
of ways around this which I assume have been fixed if all of
the latest patches have been applied, however is it just a
really bad idea to assume that unauthorized people won't
be able to see the source to these pages or does this actually
work in practice?

--
Graham Coles

Next message: Kev: "Re: Re-RSA and large numbers"
Previous message: Justin Young: "Re: How many people write secure programs?"
Next in thread: Deleersnyder, Sebastien: "Re: guidelines for secure ASP pages"
Reply: Deleersnyder, Sebastien: "Re: guidelines for secure ASP pages"
Reply: Arvind Shyamsundar: "Re: guidelines for secure ASP pages"
Reply: Jerry Connolly: "Re: guidelines for secure ASP pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 01 2001 - 11:03:37 PDT