zoukankan      html  css  js  c++  java
  • ASP.NET Misconfiguration: Debug Information

    Abstract:

    Debugging messages help attackers learn about the system and plan a form of attack.

    Explanation:

    ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and

    should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries

    should include debugging information.

    The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug

    binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to

    production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the

    framework, database, or other resources used by the application.

    Recommendations:

    Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on

    the <compilation> tag in your application's configuration file, as follows:

    <configuration>

    <compilation debug="false">

    ...

    </compilation>

    ...

    </configuration>

    Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application

    does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system

    information that could be useful to an attacker.

  • 相关阅读:
    spring自定义标签
    shell脚本实战
    redis使用场景
    了解并安装Nginx
    查看jar包依赖树
    从一道索引数据结构面试题看B树、B+树
    11条sql技巧
    or/in/union与索引优化
    动态规划
    实现快速迭代的引擎设计
  • 原文地址:https://www.cnblogs.com/time-is-life/p/6203021.html
Copyright © 2011-2022 走看看