是ASP.NET MVC容易受到甲骨文填充攻击? [英] Is ASP.NET MVC vulnerable to the oracle padding attack?
问题描述
时的ASP.NET MVC 2不堪一击的<一个href=\"http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx\"相对=nofollow>甲骨文填充攻击?如果是的话,应该实施什么解决方法吗?在斯科特谷的博客的指令似乎只为Web表单。
Is ASP.NET MVC 2 vulnerable to the oracle padding attack? If so, what workaround should be implemented? The instructions on Scott Gu's blog appear to only be for Webforms.
我试过这样:
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/Home/ErrorPage" />
不过, http://www.example.com/PageThatDoesNotExist 仍然返回一个标准的404错误页面
however, http://www.example.com/PageThatDoesNotExist still returns a standard 404 error page.
的修改的:我看到斯科特谷张贴在他的博客中说MVC是脆弱的意见,但它仍然不清楚,我究竟是如何实施变通办法
EDIT: I see that Scott Gu posted in the comments under his blog post that MVC is vulnerable, but it's still not clear to me exactly how to implement the workaround.
推荐答案
<一个href=\"http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx#7614901Scott\"相对=nofollow>是 - 联动,由Scott Guthrie的注释
Yes - linkage to the comment by Scott Guthrie.
周六,2010年9月18日9:00 PM由ScottGu
Saturday, September 18, 2010 9:00 PM by ScottGu
@Vijay,
请问ASP.NET MVC太会受到影响?
Will the ASP.NET MVC too get affected?
是 - ASP.NET的所有版本都受到影响,包括ASP.NET MVC
Yes - all versions of ASP.NET are affected, including ASP.NET MVC.
谢谢,
斯科特
我看到你已经看到了评论,但是如果你的服务器上运行VBS脚本,它应该告诉你,如果它仍然是一个问题。
I see that you've seen the comment, but if you run the vbs script on your server, it should tell you if it's still a problem.
编辑:在一个新的职位此外,Scott还讨论了常见问题解答<一个href=\"http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx\"相对=nofollow>这里。
Also, Scott has discussed FAQs in a new post here.
这篇关于是ASP.NET MVC容易受到甲骨文填充攻击?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!