ASP.NET Misconfiguration: Debug Information
Abstract:
Debugging messages help attackers learn about the system and plan a form of attack.
Explanation:
ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and
should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries
should include debugging information.
The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug
binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to
production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the
framework, database, or other resources used by the application.
Recommendations:
Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on
the <compilation> tag in your application's configuration file, as follows:
<configuration>
<compilation debug="false">
...
</compilation>
...
</configuration>
Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application
does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system
information that could be useful to an attacker.
ASP.NET Misconfiguration: Debug Information的更多相关文章
- TFS Build Error: CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB'
CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB' -- 'c:\Builds\ ...
- docker-compose up 启动容器服务超时错误:ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
问题: 本人正在使用docker运行一个中型的项目,包含40多个微服务及相关的docker.由于docker-compose up 同时启动的服务过多,超过了请求HTTP限制的60s时间仍未全部成功启 ...
- ASP.NET Misconfiguration: Missing Error Handling
Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from ...
- ASP.NET Misconfiguration: Excessive Session Timeout
Abstract: An overly long authentication timeout gives attackers more time to potentially compromise ...
- ASP.NET Misconfiguration: Request Validation Disabled
Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked ...
- The following module was built either with optimizations enabled or witherout debug information
出现这个问题的原因是这个程式有做版控,服务器上的版本比本机版本小 解决方式为:删除服务器上的版控或者本机版本改成与服务器一致即可
- ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
docker-compose 的问题 要改环境变量 xed ~/.profile export COMPOSE_HTTP_TIMEOUT=500 export DOCKER_CLIENT_TIMEOU ...
- ASP里面令人震撼地自定义Debug类(VBScript)
不知道用ASP写代码的朋友是不是和我有一样的感受,ASP中最头疼的就是调试程序的时候不方便 我想可能很多朋友都会用这样的方法“response.write ”,然后输出相关的语句来看看是否正确.前几天 ...
- Mac OS X 上安装 ASP.NET 5
在Mac OS X Yosemite 10.10.3 中搭建第一个 ASP.NET 5 Web 项目 终于有时间在 Mac 上安装一下 ASP.NET 5,网上有许多教程,但是多数的时间比较早了,版本 ...
随机推荐
- windows下IIS+PHP解决大文件上传500错问题
linux下改到iis+php后,上传大于2M就出500错,改了php.ini中的upload_max_filesize也不行,最后解决如下: 第一步:修改php.ini 上传大小限制 (以上传500 ...
- Hadoop总结篇之四---底层通信是怎么做到的
上一篇介绍了一个job的提交过程.期间多次提到通信协议.那么协议是什么? 协议其实就是通信的双方所遵守的一套规范,这套规范规定了通信时传输的数据的固定的格式. 4.1 RPC协议:在hadoop中,我 ...
- 用Ant来做一键部署
部署Java Web项目到远程服务器上,以前经常用的操作方式: 1.在eclipse上导出项目war包 2.把war包通过ftp方式传到服务器上,比如Tomcat的webapps目录下 3.启动tom ...
- mySql事务_ _Java中怎样实现批量删除操作(Java对数据库进行事务处理)?
本文是记录Java中实现批量删除操作(Java对数据库进行事务处理),在开始之前先来看下面这样的一个页面图: 上面这张图片显示的是从数据库中查询出的出租信息,信息中进行了分页处理,然后每行的前面提 ...
- BFS与DFS
DFS:使用栈保存未被检测的结点,结点按照深度优先的次序被访问并依次被压入栈中,并以相反的次序出栈进行新的检测. 类似于树的先根遍历深搜例子:走迷宫,你没有办法用分身术来站在每个走过的位置.不撞南山不 ...
- asp.net mvc多条件+分页查询解决方案
开发环境vs2010 css:bootstrap js:jquery bootstrap paginator 原先只是想做个mvc的分页,但是一般的数据展现都需要检索条件,而且是多个条件,所以就变成了 ...
- recyleView使用笔记
直接上代码: package com.test.recycleview; import android.app.Activity; import android.graphics.Canvas; im ...
- jquery mobile 登陆后页面验证
调用 pagebeforechange方法 $(document).bind("pagebeforechange", function (e, data) { if (typeof ...
- shape 代码生成器
场景: 可以尝试使用shape的xml文件来代替图片. 可以起到减小包大小的效果. Android Button Maker是一个可以在线生成按钮代码的工具.Android API提供了XML文件定义 ...
- 魅蓝note2在ubuntu14.04下mtp模式无法自动mount的解决方法
是因为新机型没在列表里的原因. 处理方法如下: As far as I know, MTP works fine in Trusty. You can try this: Uncomment #use ...