1.x To 2.0 Migration Tip: Where Did WebForm_ DoPostBackWithOptions Go?

Tightening View State Belt

Published: 4/30/2006 | Updated: 5/3/2006 | Discuss

Looks like the SOBs who mount view state attacks read this blog too. Good. I want them to know I’m watching them and see their attempts to wise up.

I’ve tweaked my ViewStateSpamStopper module a little and will test it on those guinea pigs. No need to go to the whole error handling routine. Basically, if my code detects any tweaking of view state, it black lists the requester on the spot. I’ll share the code once it’s cooked well enough.

That said, if you start receiving 403’s (access denied) from my site, please let me know. In the meantime, make sure your <machineKey> is configured and sleep well.

Comments

No comments yet

Emails and Notifications

Would you like to be notified when somebody responds to this post?

Submit your comment

Please enter only text since all HTML tags except hyperlinks will be stripped. Hyperlinks will become live links. Any comments with flaming or offensive language will be deleted. Be courteous to other posters. Thank you.

Your name (required):

Your email (optional):

Your site's URL (optional):

Type in the number above:

Comment (required):

Remember me

This work is licensed under a BSD license.

Validate page XHTML for compliancy with web standards

Validate CSS for compliancy with web standards