Abstract:

Debugging messages help attackers learn about the system and plan a form of attack.

Explanation:

ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and

should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries

should include debugging information.

The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug

binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to

production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the

framework, database, or other resources used by the application.

Recommendations:

Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on

the <compilation> tag in your application's configuration file, as follows:

<configuration>

<compilation debug="false">

...

</compilation>

...

</configuration>

Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application

does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system

information that could be useful to an attacker.

ASP.NET Misconfiguration: Debug Information的更多相关文章

  1. TFS Build Error: CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB'

    CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB' -- 'c:\Builds\ ...

  2. docker-compose up 启动容器服务超时错误:ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    问题: 本人正在使用docker运行一个中型的项目,包含40多个微服务及相关的docker.由于docker-compose up 同时启动的服务过多,超过了请求HTTP限制的60s时间仍未全部成功启 ...

  3. ASP.NET Misconfiguration: Missing Error Handling

    Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from ...

  4. ASP.NET Misconfiguration: Excessive Session Timeout

    Abstract: An overly long authentication timeout gives attackers more time to potentially compromise ...

  5. ASP.NET Misconfiguration: Request Validation Disabled

    Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked ...

  6. The following module was built either with optimizations enabled or witherout debug information

    出现这个问题的原因是这个程式有做版控,服务器上的版本比本机版本小 解决方式为:删除服务器上的版控或者本机版本改成与服务器一致即可

  7. ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    docker-compose 的问题 要改环境变量 xed ~/.profile export COMPOSE_HTTP_TIMEOUT=500 export DOCKER_CLIENT_TIMEOU ...

  8. ASP里面令人震撼地自定义Debug类(VBScript)

    不知道用ASP写代码的朋友是不是和我有一样的感受,ASP中最头疼的就是调试程序的时候不方便 我想可能很多朋友都会用这样的方法“response.write ”,然后输出相关的语句来看看是否正确.前几天 ...

  9. Mac OS X 上安装 ASP.NET 5

    在Mac OS X Yosemite 10.10.3 中搭建第一个 ASP.NET 5 Web 项目 终于有时间在 Mac 上安装一下 ASP.NET 5,网上有许多教程,但是多数的时间比较早了,版本 ...

随机推荐

  1. redis缓存

    参考: java对redis的基本操作 http://www.cnblogs.com/edisonfeng/p/3571870.html 一.支持类型: key:一般设计为标准的字符串, values ...

  2. FLASH结构

    mergedir/code.tmp.bin 压缩未加密文件的FLASH文件 mergedir/sfs/nvm.bin   shareData数据文件,未加密.未压缩 数据克隆:DATA/ALL APP ...

  3. Swift 简介

    1.swift支持所有C和Obeject-c的基本类型,支持面向过程和面向对象的编程机制. 2.swift提供了2种功能强劲的集合类型:数组和字典 3.元祖 4.可选类型 5.swift 是一种类型安 ...

  4. SQL Server的高级知识

    DataSet的内容介绍,两种单例模式(并发量的考虑),SQL高级中的case语句.连接操作.子查询.派生表 -------------------------------- 1.Case的用法 使用 ...

  5. CGI

    CGI的工作原理一般是这么定义的: 客户端web浏览器浏览某个主页后,利用一定的方式提交数据,并通过HTTP协议向Web服务器发出请求,服务器端的HTTP Daemon(守护进程)将描述的主页信息通过 ...

  6. Redis复制与可扩展集群搭建

    抄自:http://www.infoq.com/cn/articles/tq-redis-copy-build-scalable-cluster 讨论了Redis的常用数据类型与存储机制,本文会讨论一 ...

  7. window下编译并使用google protobuf

    参考网址: http://my.oschina.net/chenleijava/blog/261263 http://www.ibm.com/developerworks/cn/linux/l-cn- ...

  8. CentOS 6.5下静默安装oracle

    本例: 通过SSH远程连接云主机,上传oracle11g安装包,在centos6.5上无图形化界面静默安装oracle11g. 涉及工具及环境: 1.本地环境windows7+ssh远程连接工具xSh ...

  9. 【HOW】如何允许编辑用户配置文件属性

    在自定义用户配置文件属性后会发现,通过属性本身的配置页面,只能允许用户修改自己的属性,而管理员无法修改其他用户的属性.若要允许管理员在用户信息页面修改用户配置文件属性,可通过如下操作实现: 1. 进入 ...

  10. 【java】分页查询实体类

    package com.dmsd.itoo.tool.pageModel; import java.io.Serializable; import java.util.HashMap; import ...