|
|
|
October 2005 - Security Briefs
-
Looks like Steve Johnson has a blog now, and his second post includes a nifty GUI that wraps the functionality of httpcfg.exe (which isn't the friendliest tool). Nice work, Steve! Now I just have to convince him to integrate my ACL UI Adapter into his...
-
Part of the deployment scripts I'm working on must programmatically munge .NET config files. And I want to be able to use xpath expressions to index into them, but xpath is more painful (for what I'm doing at least) when namespaces are involved. Sometimes...
-
Earlier today I posted the official unmanaged way to get the .NET Framework directory . Of course I was using P/Invoke to do it ;-) Mike Woodring commented with an easier, managed way: HttpRuntime.ClrInstallDirectory But then Stephen Toub (my editor at...
-
I recently had a need to find the path to the .NET Framework binaries. Here's the official way of finding it, using a function exposed from mscoree.dll: const int MAX_PATH = 256; public string GetNetFrameworkDirectory() { StringBuilder buf = new StringBuilder...
-
I just spent about 30 minutes debugging something really dumb and I thought I'd post here in case I can save someone that time. I'm working on some deployment scripts, and part of what they do is create user and group accounts in Active Directory and...
-
Aaron forgot to mention one rather important issue that he probably didn't notice because he runs as admin :) It turns out that HttpListener only works out of the box if you're running with high privilege (e.g., as a member of the BUILTIN\Administrators...
-
Here's some sample C# code that sets up a namespace reservation by calling HttpSetServiceConfigurationAcl. Note that by switching a flag in the code, you can remove the namespace reservation, so this class would work well during installation as well as...
-
An article from the Washington Post talks about some of the funky advice the Dept. of Homeland Security is paying for these days (the group that generates these reports is called Red Cell ). While it's a great idea to hire people to think “out of...
-
I just got hit with this today, and a bit of googling shows that lots of folks have been running into problems with IIS6 application pools after installing SP1. My lab box is a W2K3 domain controller. While I've been running SP1 for awhile in the lab...
-
I was just talking with Craig about a Kerberos problem he's having, and one of the possibilities that came up was that he might have a duplicate service principal name registered for a web server. I hacked up a little app to help him find if he's got...
-
J.D. Meier is the driving force behind the security and performance guidelines coming out of the Patterns & Practices group. Subscribed!
-
Fritz links to the demos for our webcast this afternoon. It's always fun tag-team teaching with another Pluralight guy. This almost felt like a mini- Campsight event , well, almost :) If you missed it, we talked about the security guidance available at...
-
...are available here for those who attended today's session. Thanks for coming, and I hope you'll consider Pluralsight for your next training event!
-
There's been a lot of talk coming out of Microsoft about SDL, the Security Development Lifecycle. I've been asked to add content about it in my own presentations at TechEd and PDC. But many people get confused about how SDL applies to them. Consider for...
|
|
|
|
|
|