I finally got this all working. It was a lot more complex than running a simple Dockerfile, as it was a site that was originally developed in 2002. There were modules that had to be downloaded and installed, web.config sections that needed to be unlocked, and ODBC data connections that had to be made. My … Read more
From your code, it looks like provider is a variant or some other variable, and not an object. Is Nothing is for objects only, yet later you say it’s a value that should either be NULL or NOT NULL, which would be handled by IsNull. Try using: If Not IsNull(provider) Then url = url & … Read more
The maxAllowedContentLength controls how much data is allowed to be sent in a response. However you want to control how much can be accepted in a request. This is handled by the maxRequestEntityAllowed attribute of the limits element in the asp section of the config file. An example might look like:- <system.webServer> <asp> <cache diskTemplateCacheDirectory=”%SystemDrive%\inetpub\temp\ASP … Read more
We were affected with multiple customers too. I ruled out invalid strong-name signing of our assemblies, since the .NET Assemblies from the Framework itself were affected by that access-denied error too. Finally I managed to solve the issue by configuration. Apparently the authenticating identity of the website has now to match the identity of the … Read more
I have had the exact same problem after migrating from 2003 to 2008 R2 and found the solution. Change: Set objhttp = Server.CreateObject (“MSXML2.ServerXMLHTTP.6.0”) to: Set objhttp = Server.CreateObject (“MSXML2.XMLHTTP.6.0”) and your problem will go away. I tried to find the pros and cons about both objects, but haven’t yet found a reason to not … Read more
From your code, it looks like provider is a variant or some other variable, and not an object. Is Nothing is for objects only, yet later you say it’s a value that should either be NULL or NOT NULL, which would be handled by IsNull. Try using: If Not IsNull(provider) Then url = url & … Read more
Your http is being blocked by a firewall from F5 Networks called Application Security Manager (ASM). It produces messages like: Please consult with your administrator. Your support ID is: xxxxxxxxxxxx So your application is passing some data that for some reason ASM detects as a threat. Give the support id to your network engineer to … Read more
Microsoft includes an example using an ISAPI filter to all outbound cookies: http://msdn.microsoft.com/en-us/library/ms972826 or URL rewriting could be used http://forums.iis.net/p/1168473/1946312.aspx <rewrite> <outboundRules> <rule name=”Add HttpOnly” preCondition=”No HttpOnly”> <match serverVariable=”RESPONSE_Set_Cookie” pattern=”.*” negate=”false” /> <action type=”Rewrite” value=”{R:0}; HttpOnly” /> <conditions> </conditions> </rule> <preConditions> <preCondition name=”No HttpOnly”> <add input=”{RESPONSE_Set_Cookie}” pattern=”.” /> <add input=”{RESPONSE_Set_Cookie}” pattern=”; HttpOnly” negate=”true” /> </preCondition> … Read more
Stored Procedures and/or prepared statements: https://stackoverflow.com/questions/1973/what-is-the-best-way-to-avoid-sql-injection-attacks Can I protect against SQL Injection by escaping single-quote and surrounding user input with single-quotes? Catching SQL Injection and other Malicious Web Requests With Access DB, you can still do it, but if you’re already worried about SQL Injection, I think you need to get off Access anyway. Here’s … Read more
This is the default Firefox behavior designed for security .The assumption is probably that most web sites don’t know what and where are you local files (including UNC paths). This could be turned off in firefox: type “about:config” in the address bar and accept “i’ll be careful” find “security.checkloaduri” in older versions or “security.fileuri.strict_origin_policy” in … Read more