An important message to my IT contacts, thanks to Mike Hatfield, Nicom’s Chief Technology Officer, regarding a security vulnerability…
On the 17th of September, a security vulnerability was announced that affects all versions of ASP.NET and SharePoint web sites/applications and that, if exploited, can allow someone to access very sensitive information.
For Technicians:
A security update has been released today to address the problem. Please make sure this Windows update is applied to your web, SaaS and SharePoint servers. See this article from Microsoft for more information: http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx.
For Developers:
As a developer, you normally cannot control the updates that are applied to the servers hosting your applications. You can, however, implement the web.config workaround that has been provided by Scott Guthrie from Microsoft, as documented on his blog here: http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx.
Pat
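One way to confirm the web.config workaround is in place, as an added example (not code from Microsoft or from this post). It assumes the criteria in Scott Guthrie's linked post are: `customErrors` set to `On` or `RemoteOnly`, a single `defaultRedirect` page, and no per-status-code error pages. The sample configs and the function name `audit_custom_errors` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from any real site).
WEAK = """<configuration><system.web>
  <customErrors mode="Off" />
</system.web></configuration>"""

PER_STATUS = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html">
    <error statusCode="404" redirect="~/notfound.html" />
  </customErrors>
</system.web></configuration>"""

HARDENED = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html" />
</system.web></configuration>"""


def _local(tag):
    """Strip an XML namespace prefix, since some web.config files declare one."""
    return tag.split("}")[-1]


def audit_custom_errors(web_config_xml):
    """Return a list of findings; an empty list means the workaround is in place."""
    root = ET.fromstring(web_config_xml)
    node = next((e for e in root.iter() if _local(e.tag) == "customErrors"), None)
    if node is None:
        return ["no <customErrors> element found"]
    findings = []
    mode = node.get("mode", "RemoteOnly")  # ASP.NET default when the attribute is absent
    if mode not in ("On", "RemoteOnly"):
        findings.append("customErrors mode is %r, expected On or RemoteOnly" % mode)
    if not node.get("defaultRedirect"):
        findings.append("defaultRedirect is not set")
    # Assumed criterion: every error must map to the same page.
    for child in node:
        if _local(child.tag) == "error":
            findings.append("per-status error page for statusCode %s" % child.get("statusCode"))
    return findings


if __name__ == "__main__":
    for name, xml in (("weak", WEAK), ("per-status", PER_STATUS), ("hardened", HARDENED)):
        print(name, audit_custom_errors(xml) or "OK")
```

This only checks the application's own web.config; applying the Windows update on the server remains the actual fix.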
When it comes to computer software applications, in many ways we have come full-circle since the mainframe days of the 1960s and 1970s. Back then, corporate information was housed in central locations with strict rules for access and modifications. To use the applications, we used “dumb terminals”, whose job was nothing more than displaying information and accepting user data.
When the personal computer revolution came, much more power was given to individuals, so that mainframe computers were no longer needed for simple tasks such as word processing. This allowed for huge productivity improvements because it reduced the dependency on the IT department for anything other than centralized systems, such as billing or inventory control.
But then “islands of productivity”, as we called them, emerged with no central control, very little security, and no sharing of corporate data. The first step towards solving this problem was to implement local area networks which connected personal computers together and allowed for sharing of information.
The ASP.NET MVC team released their Release Candidate product last Tuesday. The team is still tracking well to their 1.0 release later this month.
You can download the RC version from the ASP.NET MVC web site.
On a semi-related note, there is also a MEAP (Manning Early Access Program) update for the ASP.NET MVC in Action including a handful of new chapters. Currently the first 11 of 14 are available.
Nicom IT Solutions Inc. is a full service IT professional services firm providing Software Development, IT Consulting, E-commerce Solutions, Technical Support, and Web Design & Development in addition to Staffing Services.