zoukankan      html  css  js  c++  java
  • ASP.NET Misconfiguration: Debug Information

    Abstract:

    Debugging messages help attackers learn about the system and plan a form of attack.

    Explanation:

    ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and

    should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries

    should include debugging information.

    The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug

    binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to

    production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the

    framework, database, or other resources used by the application.

    Recommendations:

    Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on

    the <compilation> tag in your application's configuration file, as follows:

    <configuration>

    <compilation debug="false">

    ...

    </compilation>

    ...

    </configuration>

    Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application

    does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system

    information that could be useful to an attacker.

  • 相关阅读:
    php json_encode怪问题
    给phpcms v9添加热门搜索关键词
    magento 1.6 后台无法登录解决办法
    08 baidu QA
    java exception
    java thread / process / thread runnable / thread sleep / thread run
    java reflect
    db sysbase
    内存单元
    分段的方式来管理内存
  • 原文地址:https://www.cnblogs.com/time-is-life/p/6203021.html
Copyright © 2011-2022 走看看