ASP and Security Risks

Results 1 to 3 of 3

Thread: ASP and Security Risks

  1. #1
    Max P. Guest

    Default ASP and Security Risks

    &nbsp;<BR>Hello there --<BR><BR>I recently talked with a fellow programmer who seemed to know a lot about "security holes" in ASP. Specifically, he mentioned a way to add something to a URL that calls an ASP page (like a specific variable in the querystring) that would then SHOW THE ASP SOURCE CODE! He also mentioned a couple of other things which I can&#039t remember, but it has made me very concerned about the pages I have been making.<BR><BR>In short, can someone tell me about what security risks there are with ASP, and possibly point me to a resource that will give a concise list of the risks/bugs and how to resolve them?<BR><BR>I need REAL INFO, not rumours...<BR><BR>Thanks,<BR><BR>Max P.

  2. #2
    Join Date
    Dec 1969

    Default RE: ASP and Security Risks

    I know of three:<BR><BR>1 ::$DATA ( old versions of IIS )<BR><BR>2 If the sample site is installed on IIS, users can find the path to the &#039view asp source&#039 page<BR><BR>3 &#039That Long Querysting&#039, don&#039t know it offhand, but it&#039s IIS 4.0 and MS have released a fix.<BR><BR>These are REAL holes that directly affect ASP<BR><BR>see for more

  3. #3
    Join Date
    Dec 1969

    Default I wouldn't worry...

    Generally, the moment these problems become known, Microsoft releases a server patch that fixes the problem. Unless the people running your server are lazy bums, they usually install these patches the moment they are available.<BR>If not, I&#039d suggest finding a new hosting company.<BR><BR>Erick

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts