IIS Web Deploy References

  • TechNet
  • MSDN
  • Visual Studio “One-Click Publish”
  • Web Deploy IIS.Net web site
  • Why you should use Web Application Projects and not Web Site Projects in Visual Studio 2010.
  • Advertisements

    Security Vulnerability in ASP .Net — Padding Oracle Attack

    All editions of ASP .Net (1.0 – 4.0) are vulnerable to the “Padding Oracle” crypto attack. Scott Guthrie has a good post about it here.  Microsoft has acknowledged the attack and is offering a work around.  There is also a post on Microsoft’s Security Research and Defense blog here.  Microsoft’s official response shows that they aren’t too happy that the hacker decided to publicly disclose the attack without telling them about it first:

    We continue to encourage security researchers to coordinate vulnerability disclosure with software vendors. We believe public disclosure before a comprehensive update can be produced only leads to customer risk through criminal activity.

    An actual demostration of the attack on a DotNetNuke installation to become the “SuperUser” took less than five minutes…

    DotNetNuke has published their response here.

    I’ll be keeping up with this over the weekend.  So come back to find out more.  I haven’t seen any attacks yet… but that will be when it get interesting….

    ASP. Net Membership Entity-Relationship Diagram

    I’m a very visual person and as an software architect, I love diagrams!

    I couldn’t find this on the web, so I made it myself.  Enjoy!

    ASP .Net Membership ER Diagram

    ASP .Net Membership ER Diagram, Page 2