Protecting machine keys and connection strings

added by eglasius
10/14/2010 10:29:16 AM

0 Kicks, 57 Views

Last month I blogged about how the padding oracle vulnerability related to getting different levels of access to the application, where part of it involved gaining access to unprotected machine keys at the web.config of the affected sites. While the Microsoft's patch that closes the vulnerability is already on Windows Update and other distribution channels, it doesn't mean we shouldn't pay attention to keeping important access information of our application out of harms way. Protecting config sec...