Security

32 posts

Duplicate headers received from server

This error is common among ASP.NET developers. If your web application generates a file on the fly and then prompts the user to download it, you may encounter the “Duplicate headers received from server” error. Most likely the application pushes the file to the browser with the Response.AddHeader() method, something like this: Response.AddHeader(“Content-Disposition”, “attachment;filename=” + outputFileName); If the variable outputFileName contains a comma, then you will get […]
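The root cause is that the filename in the example above is not quoted: a comma in an unquoted Content-Disposition value reads as the separator between two header values, which is exactly what Chrome rejects as duplicate headers. The following is an added example, not code from the original post or from ASP.NET; it shows the unquoted form beside a quoted form that also escapes quotes and backslashes, strips CR/LF so a filename cannot inject a further header, and adds an RFC 5987 `filename*` for non-ASCII names. The sample filenames are constructed, and `header_value_count` is a helper written here to show how many values a comma-splitting parser would see.

```python
"""Content-Disposition: unquoted filename vs. a quoted, sanitised one.

Added example, not the original post's ASP.NET code; the header grammar is
the same whichever framework emits it.
"""
import unicodedata
from urllib.parse import quote

# Constructed sample filenames. The second one carries the comma that makes
# Chrome report "Duplicate headers received from server" when unquoted.
SAMPLE_NAMES = [
    "report.pdf",
    "Smith, John - invoice.pdf",
    'weird "name".txt',
    "résumé.pdf",
]


def unsafe_content_disposition(filename):
    """What the post's Response.AddHeader call emits: the filename unquoted."""
    return "attachment;filename=" + filename


def safe_content_disposition(filename):
    """Quote the filename so commas, semicolons and spaces are literal,
    escape backslashes and double quotes, drop control characters (CR/LF
    would start a new header) and add filename* for non-ASCII names."""
    cleaned = "".join(ch for ch in filename if ch >= " " and ch != "\x7f")
    # ASCII fallback for the quoted-string form (accents stripped).
    ascii_name = (unicodedata.normalize("NFKD", cleaned)
                  .encode("ascii", "ignore").decode())
    quoted = ascii_name.replace("\\", "\\\\").replace('"', '\\"')
    value = 'attachment; filename="%s"' % quoted
    if cleaned != ascii_name:
        # RFC 5987 form carries the real UTF-8 name for modern browsers.
        value += "; filename*=UTF-8''" + quote(cleaned, safe="")
    return value


def header_value_count(value):
    """How many comma-separated values a list-aware header parser sees.
    Commas inside a quoted string (with backslash escapes) do not split.
    Chrome rejects Content-Disposition when this is greater than 1."""
    count, in_quotes, escaped = 1, False, False
    for ch in value:
        if in_quotes:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quotes = False
        elif ch == '"':
            in_quotes = True
        elif ch == ",":
            count += 1
    return count


if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        for build in (unsafe_content_disposition, safe_content_disposition):
            hdr = build(name)
            print("%-28s values=%d  %s" % (build.__name__, header_value_count(hdr), hdr))
```

Running the block prints each sample in both forms; only the unquoted comma-bearing name yields a value count of 2. In ASP.NET the fix is the same: build the quoted value and pass it to Response.AddHeader() (or Response.AppendHeader()) rather than concatenating the raw filename.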

Some companies still don’t allow complex passwords

Different companies may have different password requirements, and there is no universal password guideline to follow. However, there are some common best practices for creating strong and complex passwords. For example, the commonly accepted minimum password length is 8 characters, but more and more companies suggest or require more than 12 characters. Strong passwords should mix lowercase letters with uppercase letters, and contain numbers as well. Another important component of a strong password is to […]

How to create a secure password that you can remember – part two

In my previous post, I shared some tips on creating a strong and secure password in an easy way. Let me recap the steps just in case you forgot. 1. Choose a phrase (about 12-14 characters long without spaces) that is only known to you, for example, “Ilovepancake!”. 2. Capitalize the first letter of each word, in this case, “l”->“L”, “p”->“P”. 3. Replace some letters with numbers or special characters, for example, “o”->“0” (number zero), “a”->“@”, […]
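The steps above, applied to the post’s own phrase and then checked against the requirements listed in “Some companies still don’t allow complex passwords” (12 or more characters, upper and lower case, digits, and the special characters step 3 introduces), as an added example that is not code from either post. It assumes the phrase is supplied with spaces so word boundaries are known for step 2 (the spaces are removed in the result), that a substitution applies to every occurrence of the chosen letter, and it adds s->$ to the post’s o->0 and a->@ as a third, assumed substitution.

```python
"""Phrase -> password per the recap steps, then a policy check.

Added example, not code from the original posts.
"""
import re

# The post's two substitutions (o->0, a->@) plus an assumed third, s->$.
SUBSTITUTIONS = {"o": "0", "a": "@", "s": "$"}

# Constructed sample phrase; spaces mark word boundaries for step 2.
SAMPLE_PHRASE = "I love pancake!"


def phrase_to_password(phrase, substitutions=SUBSTITUTIONS):
    """Apply steps 2 and 3 of the recap (step 1 is choosing the phrase)."""
    # Step 2: capitalize the first letter of each word and drop the spaces.
    joined = "".join(w[0].upper() + w[1:] for w in phrase.split())
    # Step 3: swap the chosen lowercase letters for a digit or symbol.
    # Replacing every occurrence is an assumption; the post says "some".
    return "".join(substitutions.get(ch, ch) for ch in joined)


def check_policy(password, min_length=12):
    """Return the unmet requirements; an empty list means the password passes."""
    checks = [
        (len(password) >= min_length, "shorter than %d characters" % min_length),
        (re.search(r"[a-z]", password), "no lowercase letter"),
        (re.search(r"[A-Z]", password), "no uppercase letter"),
        (re.search(r"[0-9]", password), "no digit"),
        (re.search(r"[^A-Za-z0-9]", password), "no special character"),
    ]
    return [message for ok, message in checks if not ok]


if __name__ == "__main__":
    pw = phrase_to_password(SAMPLE_PHRASE)
    print(SAMPLE_PHRASE, "->", pw)
    print("policy problems:", check_policy(pw) or "none")
    # Step 2 alone leaves the phrase without a digit:
    print("Ilovepancake!", "->", check_policy("Ilovepancake!"))
```

Note that the policy check only enforces composition; it does not score guessability, so a phrase that is a well-known quote with standard leet substitutions passes the check but remains weak.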

How to create a secure password that you can remember – part one

Among all the existing and emerging authentication methods, the username/password combination is still the most commonly used, and a very effective, way to authenticate users. You need a password to access your email, your social media accounts, your bank account, your credit card account, etc. Of all your passwords, which one do you think is the most important? In my opinion, the most important password is the password of your primary email account (if you […]

DropBox disabled shared links due to vulnerability

If you are a DropBox customer, you may have noticed that your shared links no longer work. It has nothing to do with you: DropBox disabled all shared links because of a recently discovered vulnerability that may give other people access to files via a shared link without consent. What does it mean? DropBox users can share files or folders in their DropBox, but only those people who know the shared […]

Microsoft, Adobe, and AOL make security headlines today

The security headlines today involve three major companies: 1. Microsoft warns IE users of an Internet Explorer zero-day bug. 2. Adobe releases a security patch for Adobe Flash Player. 3. AOL investigates a security breach on its network and has determined that “there was unauthorized access to information regarding a significant number of user accounts”. It is truly an eventful Monday.

Heartbleed bug reveals quality assurance problem with open source software

Open source software is built on the principle that its source code is publicly available and that the developers involved are volunteers who build the software out of love and passion. A claimed advantage of open source software is its high security, because the publicly available source code enables developers to discover and fix potential security bugs quickly. But the recent Heartbleed bug showed that it is not always the […]

ASP.NET Forms Authentication Blocks Images and CSS Files

If you use ASP.NET Forms Authentication in a web application that runs on IIS 7 or above with an integrated-pipeline application pool, you may find that the images and styles of your application are not displayed until you are logged in (authenticated). If you encounter this problem, here is the solution. First, let me take a step back to explain why the problem happens. If you look at your […]
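In the integrated pipeline the managed authentication and URL-authorization modules run for every request, static files included, so a site-wide `<deny users="?" />` keeps anonymous visitors from fetching the CSS and images the login page needs. The standard way to open those folders, shown here as an added Web.config fragment rather than the post’s own text, is a `<location>` element per static folder that allows all users; the folder names `Content` and `Images` are assumptions about the application’s layout.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <authorization>
      <!-- "?" is the anonymous user: everything requires a login by default -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Static assets the login page itself needs. Location rules are evaluated
       before the site-wide rules, so anonymous users get these folders only.
       Folder names are assumptions; use your application's own. -->
  <location path="Content">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Images">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Keep the allowed paths limited to folders that hold only static, non-sensitive files; an `<allow users="*" />` on a folder that also serves downloadable documents would expose them to unauthenticated users.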

Batch update your Web.config to workaround ASP.NET security vulnerability

[UPDATE]: There is no need to use this tool to update your web applications, because Microsoft has released the official ASP.NET security fix through Windows Update: http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx You may already know about the newly discovered ASP.NET security vulnerability; the suggested workaround is to modify your Web.config file until Microsoft releases a security patch, as described in Scott’s blog: http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx. I hope you have already updated your application according to the workaround. However, what if […]

Use EventLog to log ASP.NET application errors

For Windows applications, it might be a good idea to use the EventLog to log application errors, because the EventLog is very powerful yet very simple to use. However, it might not be a good idea to use it to log ASP.NET web application errors. Why? There are several reasons. It’s all about security. In the malicious cyber world, the security of the web application is a very big concern for any company, if not […]