Security issues that must be addressed by Visual Basic. NET and Visual C #. NET programmers (2)
Source: Internet
Author: User
Other resources
In addition to the content described in the preceding overview, there are many other options to choose from. The following topics detail code access security:
Introduction to Code Access Security)
Code Access Security)
Security Namespaces in Visual Studio)
Web applications
This solution protects your server against malicious code attacks and prevents data from being damaged. You can use multiple methods to protect your servers.
By disabling the dynamic discovery function of XML Web services, users are prohibited from searching for and running your XML Web services.
Before allowing a user to access the server, use authentication to verify the user's identity.
By using the ASPNET process identity, you can better adjust the resources you can use.
Each method is described in detail below.
Dynamic Discovery
Dynamic Discovery is a function of the. NET Framework. It allows Web browsers to search for XML Web services running on servers. After finding the XML Web service, you can call the XML Web services method. Although Dynamic Discovery provides powerful functions for users, it also brings potential security risks to servers. In most cases, you do not need to enable the dynamic discovery function. When installing the. NET Framework, it is found that it is disabled by default. This does not mean that the XML Web services is unavailable, but only the directory where the server will not provide available services. The client can still use XML Web services, but you need to provide the exact location of the service to it.
Warning after dynamic discovery is disabled, you need to send the XML Web services location to the client.
On the deployment server, there are two items that can control the XML Web services discovery function. The first item (machine. config file) controls the overall server discovery function. The machine. config file is an XML file that contains settings for Web applications on the control server. It is located in the % windows % Microsoft. NETFrameworkVersionConfig folder. This file contains an element that is commented out by default. To enable the discovery feature, you need to delete these annotation characters. You also need to use the ASPNET account to run the application, as described in "ASPNET process identity" in the following section.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
