Do Not Issue Verbose Error Information Remotely

By default, the ASP.NET configuration setting <customErrors> is set to RemoteOnly, which gives verbose error information locally and nothing remotely. Developers commonly change this on staging servers to facilitate off-the-box debugging and forget to restore the default before deployment. Set it to either RemoteOnly (the default) or On; Off is inappropriate for production servers.

<configuration>
  <system.web>
    <customErrors defaultRedirect="error.htm" mode="RemoteOnly">
      <error statusCode="404" redirect="404.htm"/>
    </customErrors>
  </system.web>
</configuration>
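
One way to catch a leftover debugging setting before deployment, as an added example that is not from the book: a Python check that reads a single web.config and reports any <customErrors> element set to Off, including overrides inside <location> elements. The function name audit_custom_errors and the sample configuration are constructed for illustration, and the check looks only at the file it is given, not at settings inherited from parent configuration files.

```python
import xml.etree.ElementTree as ET

SAFE_MODES = {"on", "remoteonly"}

def audit_custom_errors(web_config_xml):
    """Return (scope, mode, problem) findings for one web.config document."""
    try:
        root = ET.fromstring(web_config_xml)
    except ET.ParseError as exc:
        return [("<file>", None, f"config does not parse: {exc}")]
    # <system.web> sits under <configuration> or inside <location path="...">.
    scopes = [("<root>", root)]
    scopes += [(loc.get("path", "."), loc) for loc in root.iter("location")]
    findings = []
    for scope, node in scopes:
        for section in (c for c in node if c.tag == "system.web"):
            for ce in (c for c in section if c.tag == "customErrors"):
                # A missing mode attribute means the default, RemoteOnly.
                mode = ce.get("mode", "RemoteOnly")
                if mode.lower() == "off":
                    findings.append((scope, mode, "verbose errors reach remote clients"))
                elif mode.lower() not in SAFE_MODES:
                    findings.append((scope, mode, "unrecognised mode value"))
    return findings

# Constructed sample: the page's settings plus a leftover debugging override.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <customErrors defaultRedirect="error.htm" mode="RemoteOnly">
      <error statusCode="404" redirect="404.htm"/>
    </customErrors>
  </system.web>
  <location path="admin">
    <system.web>
      <customErrors mode="Off"/>
    </system.web>
  </location>
</configuration>"""

if __name__ == "__main__":
    for scope, mode, problem in audit_custom_errors(SAMPLE_CONFIG):
        print(f"{scope}: mode={mode!r}: {problem}")
```

A non-empty result can be used to fail the deployment step.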



Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
