[Mono-bugs] [Bug 338051] New: WebResource: security improvements
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Wed Oct 31 03:41:20 EDT 2007
https://bugzilla.novell.com/show_bug.cgi?id=338051
Summary: WebResource: security improvements
Product: Mono: Class Libraries
Version: 1.2
Platform: Other
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Sys.Web
AssignedTo: mhabersack at novell.com
ReportedBy: gert.driesen at pandora.be
QAContact: mono-bugs at ximian.com
Found By: ---
MS appears to encrypt the assembly & resource part of the query string using
the machinekey (we already do this for viewstate).
According to this blog post, they also do not vary on the timestamp:
http://www.nikhilk.net/WebResourcesDenialOfServiceAttack.aspx
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list