O'Reilly logo

Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuration File Settings

Check

Description

<trace/>

Tracing is not enabled on the production servers.

<trace enabled="false">

<globalization>

Request and response encoding is appropriately configured.

<httpRuntime>

maxRequestLength is configured to prevent users from uploading very large files (optional).

<compilation>

Debug compiles are not enabled on the production servers by setting debug="false"

<compilation debug="false" . . ./>

<pages>

If the application does not use view state, enableViewState is set to "false".

<pages enableViewState="false" . . ./>

If the application uses view state, enableViewState is set to "true" and enableViewStateMac is set to "true" to detect view state tampering.

<pages enableViewState="true" enableViewStateMac="true" ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required