Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Sep 22, 2010 03:43 AM|LINK
Well, since I believe the default encryption method for web.config files uses the machine key...
There is a method to encrypt with a separate RSA key, but I'm under the impression that the standard a lot of people use is the machine key method...
So I guess that web.configs encrypted with the machine key are vulnerable to decoding in a coordinated attack with this exploit. Good to know. Guess I feel better about completely disabling WebResource and ScriptResource for my MVC apps.