ASP.NET 的安全隐患

asp.net存在安全隐患,即攻击者可以利用潜在的canonicalization攻击webserver
(即利用 ..\.. 欺骗 IIS,从而遍历目录),建议在Global.asax.cs中加入如下代码提高安全性:
<script language="C#" runat="server">
void Application_BeginRequest(object source, EventArgs e) {
    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {
        throw new HttpException(404, "not found");
    }
}
</script>

你可能感兴趣的:(asp.net)