Friday September 4th

Thursday September 3rd

ASP.NET session hijacking with Google and ELMAH

ELMAH is one those libraries which is both beautiful in its simplicity yet powerful in what it allows you to do. Combine the power of ELMAH with the convenience of NuGet and you can be up and running with absolutely invaluable error logging and handling in literally a couple of minutes. Yet, as the old adage goes, with great power comes great responsibility and if you’re not responsible with how you implement ELMAH, you’re also only a couple of minutes away from making session hijacking of your ASP.NET app – and many other exploits – very, very easy.

1 comments

Great piece of advice for anyone using ELMAH, but I think it also forces one to think more carefully about what is and isn't safe to run on their production site.

Commenting on Stories is limited for now and will open up to those recommended by the community. Learn how
Loading DotNetKicks...
brought to you by the Kicks Network