Comments on 0x191 Unauthorized: Hunting asp.net Authentication and Session Ghosts
Andreas Venieris
Updated: 2023-02-15T18:14:12.104+02:00

Anonymous (2013-08-14T11:59:15.825+03:00):
Very good post! Thanks a lot.

Andreas Venieris (2013-01-20T21:17:57.521+02:00):
No problem Tasos.
The only problem is that this is a blog and the environment itself does not give us the opportunity for such arguments.
I strongly suggest you join our forum @ http://www.p0wnbox.com where we can enjoy and discuss any related topic you/we like!
;-)

Thank you!

Anonymous (2013-01-20T17:42:53.686+02:00):
Andreas, sorry for going off topic in my previous comment, and thanks anyway for your answer! :-)

Andreas Venieris (2013-01-19T22:15:15.849+02:00):
Off Topic Begin

If your main concern is security then you have to avoid shared hosting for sure!
Most of the sites on shared hosting env/s get p0wned because of some bad configuration of one site that allows an attacker to get a shell on it and then get root then... having all!
Shared hosting follows the rule "A chain is only as strong as its weakest link"!
You HAVE to know how to protect your box.
There are plenty of tools out there. The only "problem" is the learning curve. Ok, as a developer you don't have to know this but fmo YOU SHOULD!
In addition there are plenty of SLAs out there that allow you to have even a DEDI server using all the benefits of a hardware IDS provided by your provider.
We are talking about Protection at the lowest network level... and not only :-)

Off Topic End

Anonymous (2013-01-19T16:21:25.741+02:00):
Your answer kinda surprised me. My main concern in such a scenario is security.

I work in a web development company and we rely on shared hosting solutions to host our websites. We use our own CMS which is developed in ASP.NET.

If we switch to a dedicated web server or a virtual cloud server, how can we be protected from attacks? Both server wide or specific to a domain?

Andreas Venieris (2013-01-19T14:00:53.647+02:00):
@ Tasos, both true.
On the other hand, you just scratch a very interesting (fmo) topic.
Shared Hosting or VPS?
In case that we are talking about a web development company, a small team or even a freelancer, my favorite proposition is using a VPS (or even a DEDI server). In such environments you have complete control over IIS / ASP.Net or other Libs/DLLs that may require system access level to be installed.
Nowadays (fmo again!) shared hosting is appropriate to non-programmers such as advanced users etc, in order to set up and maintain ready-made packages as WP, PhpBB, Website Creator, etc etc... ;)

Anonymous (2013-01-19T13:00:35.126+02:00):
Good morning, Andreas!
You are right about sessionState mode="StateServer". But in cases of shared hosting, I have the impression that this option is not always available, and thus we are left only with the InProc option.

Also, there is the SQLServer option where one could store all its Session data to an SQL Server.

Andreas Venieris (2013-01-19T09:55:02.378+02:00):
Hello, Tasos!
Thanks for your comment. I must say that I partially agree with you. :)
Session is removed by recycling pool only if sessionState mode="InProc".
In case that sessionState mode="StateServer", session var/s are not cleared given that ASP.NET service is already running.

Anonymous (2013-01-18T20:15:20.722+02:00):
I think Session is almost never a good idea to store information.
All items that are stored in Session can be removed if IIS recycles the application pool in which our web application runs.