Ideas for Improving ASP and ASP.NET Web Application Security - Part 1
Published: 16 Jun 2006
Unedited - Community Contributed
Abstract
In the first part of this article, Brett provides ideas for improving the security of ASP and ASP.NET web applications.
by Brett Burridge

Suppress Server Errors

Hackers and other people with dubious intentions are always on the lookout for websites that display technical error messages, because ASP or ASP.NET error messages are often useful to such people. In some cases the hackers can deliberately cause the error messages to appear, such as by playing around with the parameters in the query string.

There have also been instances of hackers using search engines, such as Google, to look for specific terms from error messages that indicate known vulnerabilities. Therefore, suppressing error messages is an extremely important tool in helping to avoid drawing the attention of malicious users.

Thankfully, suppressing errors on Microsoft-based web servers is very straightforward. In ASP it can be achieved by ensuring that pages use the "On Error Resume Next" statement. Do not forget that this statement should also be used within each subroutine in the Global.asa, if you are using one. The most common sources of ASP errors on live websites are database or filesystem errors. Because "On Error Resume Next" only stops the error from halting the page and does not handle it, your application should always check for these, for example by checking the Errors collection of the ADODB Connection object to ensure a database connection has been successful.
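
The check described above, written out as a classic ASP page. This is an added example, not code from the original article; the `Application("ConnString")` variable, the log strings and the message text are assumptions made for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' From here on a failing statement no longer aborts the page with a
' technical error; the script has to test for failure itself.
On Error Resume Next

Const adStateOpen = 1   ' ADO ObjectStateEnum value for an open connection
Dim conn, dbFailed, errNo
dbFailed = False

Set conn = Server.CreateObject("ADODB.Connection")
' Assumption: the connection string is kept in a hypothetical
' Application variable named "ConnString".
conn.Open Application("ConnString")

' Capture the error number straight away; later statements may change Err.
errNo = Err.Number
Err.Clear

If errNo <> 0 Then
    ' Script or COM error: object not created, or Open raised an error.
    dbFailed = True
ElseIf conn.State <> adStateOpen Then
    dbFailed = True
ElseIf conn.Errors.Count > 0 Then
    ' Providers also place warnings in the Errors collection, so on an
    ' open connection this is recorded rather than treated as a failure.
    Response.AppendToLog "db-connect-warnings"
End If

If dbFailed Then
    ' Detail goes to the IIS log entry for this request, not to the browser.
    Response.AppendToLog "db-connect-failed-" & Hex(errNo)
    Response.Status = "500 Internal Server Error"
    Response.Write "<p>Sorry, this page is temporarily unavailable.</p>"
    Response.End
End If

' ... normal page logic using conn goes here ...

conn.Close
Set conn = Nothing
%>
```

The visitor sees only the generic message, while the error number is kept server-side in the IIS log for the operator.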

IIS also has a setting that allows a website's errors to be replaced with an operator-supplied generic message.

In ASP.NET, application errors can be suppressed by altering the customErrors setting within the application's web.config file. By default, the .NET Framework usually hides the specific details of application errors unless the website is being viewed on the local machine.

