Now the security updates to address the security vulnerability have been installed and servers rebooted. I think that it is important to revert the work arounds(as above) in case the custom error web page is written in
HTML (where .NET 1.0/1.1/2.0, 3.0, 3.5 are used) other wise incase custom exception page is written in .aspx it can be kept as it is. Because .aspx pages can inherit Master page, where as HTML pages can not inherit Master pages.
As I have .NET3.5SP1 and using .aspx page after installing suggested security updates, I do not think that it is required to update anything to address recent security vulnerability.
According to Scott Gu, the work-arounds that you had implemented with the custom error page would not be required once the official patch has been installed.
According to Scott Gu, the work-arounds that you had implemented with the custom error page would not be required once the official patch has been installed.
Thanks Mike.
Having custom exception page to show user friendly message is important, so I think that the custom exception page where
.aspx is used should be kept, aspx pages can inherit Master page to provide same look and feel. This applies to
.NET 3.5SP and 4.0
Where as for versions 1.0/1.1/2.0/3.0/3.5 the work around was to use .HTML
page as custom exceptions page. As the HTML page can not inherit Master page as .ASPX pages, the work arounds should be reverted. Incase the custom exception page is aspx page
with 3.5SP and 4.0 they can stay.
Star
13042 Points
3174 Posts
Is it mandatory to revert the work arounds after patch install?
Oct 04, 2010 10:03 AM|sukumarraju|LINK
Hi there,
ASP.NET application should have custom exception page showing some meaningful message.
As Scott suggested http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx it is required to use .html page for errors page to redirect to a single page regard less of the exception. This applies to .NET 1.1 to 3.5. Where as .NET 3.5SP1 and 4.0 versions can have .aspx page as custom error page.
Now the security updates to address the security vulnerability have been installed and servers rebooted. I think that it is important to revert the work arounds(as above) in case the custom error web page is written in HTML (where .NET 1.0/1.1/2.0, 3.0, 3.5 are used) other wise incase custom exception page is written in .aspx it can be kept as it is. Because .aspx pages can inherit Master page, where as HTML pages can not inherit Master pages.
As I have .NET 3.5SP1 and using .aspx page after installing suggested security updates, I do not think that it is required to update anything to address recent security vulnerability.
Please correct me on this.
Thanks,
Application Architecture Guide 2.0
My Blog
Twitter
All-Star
160051 Points
13198 Posts
ASPInsiders
Moderator
Re: Is it mandatory to revert the work arounds after patch install?
Oct 04, 2010 06:36 PM|mbanavige|LINK
According to Scott Gu, the work-arounds that you had implemented with the custom error page would not be required once the official patch has been installed.
Star
13042 Points
3174 Posts
Re: Is it mandatory to revert the work arounds after patch install?
Oct 05, 2010 03:56 AM|sukumarraju|LINK
Thanks Mike.
Having custom exception page to show user friendly message is important, so I think that the custom exception page where .aspx is used should be kept, aspx pages can inherit Master page to provide same look and feel. This applies to .NET 3.5SP and 4.0
Where as for versions 1.0/1.1/2.0/3.0/3.5 the work around was to use .HTML page as custom exceptions page. As the HTML page can not inherit Master page as .ASPX pages, the work arounds should be reverted. Incase the custom exception page is aspx page with 3.5SP and 4.0 they can stay.
Please correct me if i'm incorrect.
Application Architecture Guide 2.0
My Blog
Twitter
Member
120 Points
83 Posts
Re: Is it mandatory to revert the work arounds after patch install?
Oct 07, 2010 01:36 PM|Rovastar|LINK
I am not sure of why you want the workarounds to still be in place they are not needed anymore.
It is fine to keep them but they are not needed.