DCSIMG
Performance Gain - Security Risk - אליק לוין

אליק לוין

עולמו של יועץ ממיקרוסופט

Performance Gain - Security Risk

Consider the following ASPX page:

Here is why it cannot be accessed:

When trying to navigate there you get:

 

Great, love URL authorization!!

 

Now let's examine another ASPX page:

When navigating to this page you surprisingly get this:

The reason for that is when using Server.Transfer the request to the second page does not go through the whole ASP.NET pipeline which includes URL Authorization module

Security part is here http://msdn2.microsoft.com/en-us/library/ms998375.aspx

Performance part is here http://msdn2.microsoft.com/en-us/library/ms998549.aspx 

Performance and Security has never been good friends - fortunately we have J.D. who is bridging the two letting us enjoy both.

 

Enjoy

פורסם: Feb 23 2007, 11:49 PM by alikl | with 3 comment(s)
תגים:, ,

תוכן התגובה

Sagar כתב/ה:

Hi, Very good example, it brings out the difference point very well. I think we should do a study of other similar situations.
# February 24, 2007 5:38 PM

alikl כתב/ה:

Happy you liked this :)!

The study has been conducted and it is all here:

http://msdn2.microsoft.com/en-us/library/aa139637.aspx

# February 24, 2007 8:24 PM

alik levin's כתב/ה:

Reposted from Performance Gain - Security Risk Good intention for better performance may lead to flawed

# March 27, 2007 4:28 PM