[Mono-bugs] [Bug 418620] Sys.Web is prone to "HTTP header injection" attacks

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Aug 20 08:41:34 EDT 2008


User mhabersack at novell.com added comment

--- Comment #11 from Marek Habersack <mhabersack at novell.com>  2008-08-20 06:41:33 MDT ---
(In reply to comment #9 from Juraj Skripsky)
> Created an attachment (id=234421)
 --> (https://bugzilla.novell.com/attachment.cgi?id=234421) [details]
> optimization
> Marek, what do you think about this patch?
> Calling WebConfigurationManager.GetSection() for every single header makes me
> feel a bit uneasy. GetSection will use the "sectionCache" property which in
> turn uses the icall AppDomain.GetData. And ves_icall_System_AppDomain_GetData
> uses the domain lock...
In theory it is possible that an application will want to modify the setting on
the runtime, but in this case I think it's ok to apply this optimization. Let
me do that as I need to update other trees as well. Thanks!

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list