Moved from the MVC forum to the dedicated one about the vulnerability one by moderator XIII to keep people and the ASP.NET team at Microsoft focussed on one reporting area:
I'm trying to implement the workaround for the oracle padding exploit
described on ScottGu's blog. Here's the workaround:
When I add that to my web.config, I'm not redirected to the error page when I try a bogus URL. I get the regular 404 error page. That's not what I expected. When I visit http://www.example.com/Home/ErrorPage, I can see it just fine.
I can't use the script on Scott's page to test my server since I deploy to Azure.
be789
Member
4 Points
16 Posts
Need help implementing the workaround for the oracle padding exploit
Sep 21, 2010 05:24 AM|LINK
Moved from the MVC forum to the dedicated one about the vulnerability one by moderator XIII to keep people and the ASP.NET team at Microsoft focussed on one reporting area:
I'm trying to implement the workaround for the oracle padding exploit described on ScottGu's blog. Here's the workaround:
When I add that to my web.config, I'm not redirected to the error page when I try a bogus URL. I get the regular 404 error page. That's not what I expected. When I visit http://www.example.com/Home/ErrorPage, I can see it just fine.
I can't use the script on Scott's page to test my server since I deploy to Azure.
Any ideas?