How to prevent POST and GET parameters collapsed into a single collection in ASP.Net

  • Question

  • I have an ASP.NET Web Forms application (.NET Framework 4.5) running on a client's server. A recent security audit indicates that the application collapses the POST and GET parameters into a single collection and that this is a flawed design pattern from a security standpoint.

    The audit further indicates that using interceptors, it is possible to change the method type to GET, which is unsafe as the information is appended to the URL and can be easily tampered with.

    So, instead of allowing the user to login with the modified request, he/she should have been redirected to the login page/error page.

    • Moved by Dave Patrick MVP, Tuesday, March 19, 2019 7:43 PM (looking for forum)
    Tuesday, March 19, 2019 7:20 PM
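
Added example, not part of the original thread: one way to stop a Web Forms login page from accepting a POST that was rewritten as a GET, and to read hand-parsed fields from the POST body only. The page name `Login`, the handler `LoginButton_Click`, the helper `PostField` and the field names `user` and `password` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Web.UI;

// Hypothetical code-behind for a Login.aspx page (page, handler and field
// names are assumptions, not taken from the thread).
public partial class Login : Page
{
    private bool IsPost { get { return string.Equals(Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase); } }

    // Web Forms treats a GET as a postback when the query string carries
    // __VIEWSTATE or __EVENTTARGET, and then loads control values from the
    // query string. Returning null for any non-POST request makes the page
    // handle it as a first load, so no control data or events come from the URL.
    protected override NameValueCollection DeterminePostBackMode()
    {
        return IsPost ? base.DeterminePostBackMode() : null;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // A GET carrying postback fields is a POST rewritten as a GET:
        // send the client to a clean login page instead of processing it.
        bool getPostback = Request.QueryString["__VIEWSTATE"] != null
                        || Request.QueryString["__EVENTTARGET"] != null;
        if (!IsPost && getPostback)
            Response.Redirect(Request.Path, true); // Request.Path has no query string
    }

    // Weak pattern: Request[name] and Request.Params[name] search QueryString,
    // Form, Cookies and ServerVariables, so a value from the URL is accepted.
    // Hardened: read hand-parsed fields from the POST body only.
    private string PostField(string name)
    {
        return IsPost ? Request.Form[name] : null;
    }

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        string user = PostField("user");         // hypothetical field names
        string password = PostField("password");
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            Response.Redirect(Request.Path, true);
        // The credential check continues here with values taken from the body only.
    }
}
```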

Answers

  • I'd ask for help over here.

    https://forums.asp.net/18.aspx/1?Web+Forms

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, March 19, 2019 7:42 PM