Abstract:

Debugging messages help attackers learn about the system and plan a form of attack.

Explanation:

ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and

should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries

should include debugging information.

The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug

binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to

production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the

framework, database, or other resources used by the application.

Recommendations:

Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on

the <compilation> tag in your application's configuration file, as follows:

<configuration>

<compilation debug="false">

...

</compilation>

...

</configuration>

Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application

does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system

information that could be useful to an attacker.

ASP.NET Misconfiguration: Debug Information的更多相关文章

  1. TFS Build Error: CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB'

    CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB' -- 'c:\Builds\ ...

  2. docker-compose up 启动容器服务超时错误:ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    问题: 本人正在使用docker运行一个中型的项目,包含40多个微服务及相关的docker.由于docker-compose up 同时启动的服务过多,超过了请求HTTP限制的60s时间仍未全部成功启 ...

  3. ASP.NET Misconfiguration: Missing Error Handling

    Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from ...

  4. ASP.NET Misconfiguration: Excessive Session Timeout

    Abstract: An overly long authentication timeout gives attackers more time to potentially compromise ...

  5. ASP.NET Misconfiguration: Request Validation Disabled

    Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked ...

  6. The following module was built either with optimizations enabled or witherout debug information

    出现这个问题的原因是这个程式有做版控,服务器上的版本比本机版本小 解决方式为:删除服务器上的版控或者本机版本改成与服务器一致即可

  7. ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    docker-compose 的问题 要改环境变量 xed ~/.profile export COMPOSE_HTTP_TIMEOUT=500 export DOCKER_CLIENT_TIMEOU ...

  8. ASP里面令人震撼地自定义Debug类(VBScript)

    不知道用ASP写代码的朋友是不是和我有一样的感受,ASP中最头疼的就是调试程序的时候不方便 我想可能很多朋友都会用这样的方法“response.write ”,然后输出相关的语句来看看是否正确.前几天 ...

  9. Mac OS X 上安装 ASP.NET 5

    在Mac OS X Yosemite 10.10.3 中搭建第一个 ASP.NET 5 Web 项目 终于有时间在 Mac 上安装一下 ASP.NET 5,网上有许多教程,但是多数的时间比较早了,版本 ...

随机推荐

  1. 显示intent和隐示intent有什么区别

    显式Intent定义:对于明确指出了目标组件名称的Intent,我们称之为显式Intent. 隐式Intent定义:对于没有明确指出目标组件名称的Intent,则称之为隐式Intent. 说明:And ...

  2. Linux的Service/Daemon你真的懂了吗?

    一 service与一般的程序的区别 service(也称为daemon)表示后台运行的程序,一般随系统的启动自动地启动且在用户logoff后仍然能够继续运行.该daemon进程一般在启动后需要与父进 ...

  3. 写给java开发的运维笔记

    转载至:https://github.com/biezhi/java-bible/tree/master/learn_server

  4. mysql临时表的产生

    sql执行会生成一个巨大的临时表,当内存放不下时,要全部copy 到磁盘,导致IO飙升,时间开销增大. 额外收获知识收藏如下: 临时表存储 MySQL临时表分为"内存临时表"和&q ...

  5. <2016-1-29>

    1.打电话,发短信,发邮件 //打电话 <script> function call(){ var call = new CallManage(); call.call('10086'); ...

  6. 服务器未能识别 HTTP 标头 SOAPAction 的值

    SOAPAction HTTP request header被用来标识SOAP HTTP请求的目的地,其值是个URI地址.SOAP发送并不限制格式.URI特征或其必须可解析,那么在这种情况下,发送一个 ...

  7. nyoj 708 ones 动态规划

    http://acm.nyist.net/JudgeOnline/problem.php?pid=708 状态转移方程的思路:对于一个数N,可以是N - 1的状态+1 得到,另外,也可以是(n / 2 ...

  8. 【解决】org.apache.hadoop.util.Shell$ExitCodeException: /bin/bash: line 0: fg: no job control

    [环境信息] Hadoop版本:2.4.0 客户端OS:Windows Server 2008 R2 服务器端OS:CentOS 6.4 [问题现象] 在通过Windows客户端向Linux服务器提交 ...

  9. 在线编辑器的使用总结(kindeditor , )

    1).kindedtor中让编辑框默认为“HTML代码/源代码”模式 [javascript] view plaincopyprint? <script> // 自定义插件 #1 Kind ...

  10. GitHub 上排名前 100 的 Objective-C 项目简介

    主要对当前 GitHub 排名前 100 的项目做一个简单的简介, 方便初学者快速了解到当前 Objective-C 在 GitHub 的情况.   项目名称 项目信息 1. AFNetworking ...