Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Find all literal machineKey decryptionKey and decryptionKey topics and replace key with [your key here] #34365

Open
9 tasks
Rick-Anderson opened this issue Dec 13, 2024 · 0 comments
Open
9 tasks

Find all literal machineKey decryptionKey and decryptionKey topics and replace key with [your key here] #34365

Rick-Anderson opened this issue Dec 13, 2024 · 0 comments
Assignees
@Rick-Anderson
Labels
seQUESTered Identifies that an issue has been imported into Quest. sfi-admin SFI-Admin

Comments

@Rick-Anderson
Copy link
Contributor

Rick-Anderson commented Dec 13, 2024
edited by sequestor bot
Loading

This is about configuring the machine keys in the web.config for web-farm like scenarios. The problem is that the configuration snip from the articles list a configuration sample containing machine key values. It seems that we have quite a few customers that have been copying and pasting this directly into their production configurations without any afterthoughts – and some of them have been compromised by ViewState injection attacks

List to fix

Associated WorkItem - 354961
@Rick-Anderson Rick-Anderson added the sfi-admin SFI-Admin label Dec 13, 2024
@Rick-Anderson Rick-Anderson self-assigned this Dec 13, 2024
This was referenced Dec 13, 2024
Open
Open
@dotnetrepoman dotnetrepoman bot added mapQuest clean move and removed mapQuest clean move labels Dec 13, 2024
@Rick-Anderson Rick-Anderson moved this from 🔖 Ready to 🏗 In progress in dotnet/AspNetCore.Docs December 2024 sprint Dec 13, 2024
@Rick-Anderson Rick-Anderson added reQUEST Triggers an issue to be imported into Quest and removed ⌚ Not Triaged labels Dec 13, 2024
@sequestor sequestor bot added seQUESTered Identifies that an issue has been imported into Quest. and removed reQUEST Triggers an issue to be imported into Quest labels Dec 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Rick-Anderson Rick-Anderson

Labels
seQUESTered Identifies that an issue has been imported into Quest. sfi-admin SFI-Admin
Projects
dotnet/AspNetCore.Docs December 2024 sprint
Status: 🏗 In progress
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Rick-Anderson