[Mono-bugs] [Bug 418620] Sys.Web is prone to "HTTP header injection" attacks
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Wed Aug 20 08:41:34 EDT 2008
https://bugzilla.novell.com/show_bug.cgi?id=418620
User mhabersack at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=418620#c11
--- Comment #11 from Marek Habersack <mhabersack at novell.com> 2008-08-20 06:41:33 MDT ---
(In reply to comment #9 from Juraj Skripsky)
> Created an attachment (id=234421)
--> (https://bugzilla.novell.com/attachment.cgi?id=234421) [details]
> optimization
>
> Marek, what do you think about this patch?
>
> Calling WebConfigurationManager.GetSection() for every single header makes me
> feel a bit uneasy. GetSection will use the "sectionCache" property which in
> turn uses the icall AppDomain.GetData. And ves_icall_System_AppDomain_GetData
> uses the domain lock...
In theory it is possible that an application will want to modify the setting on
the runtime, but in this case I think it's ok to apply this optimization. Let
me do that as I need to update other trees as well. Thanks!
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list