|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Response splittingHi,
After a security audit, i was asked to look into the Response Splitting Security Issue of our webservers. I already know that i can solve it by putting a ISA server in front of the webservers. The question is, do we need to do that, or are there also other options to look in at? Thanks in advance! Rob Smeets Rob,
Response splitting issues are result of poor coding style and lack of input validation in the web applications running on the server. So I think if it is possible to make sure that all the web applications are using proper input validation on data coming from the HTTP requests you don't need to use ISA server. If it is not for any reason possible you might need to use it. -- Show quoteHide quoteJiri Richter Microsoft Corp. This posting is provided "AS IS" with no warranties, and confers no rights. "Rob Smeets" <RobSme***@discussions.microsoft.com> wrote in message news:F47BF6E6-332D-472C-BA92-16AD3328907B@microsoft.com... > Hi, > > After a security audit, i was asked to look into the Response Splitting > Security Issue of our webservers. I already know that i can solve it by > putting a ISA server in front of the webservers. The question is, do we > need > to do that, or are there also other options to look in at? > > Thanks in advance! > > Rob Smeets 
Other interesting topics
certificate services fails to start
Username/Password input dialog IIS 6 Impersonate failed for ASP Problem with IUSR account How to control bandwidth per web site on IIS Authentication problem Is the sessionState cookie a security risk. Using integrated authentication Transfering a Secure Server Certificate IP address and domain name restrictions |
|||||||||||||||||||||||
