Wednesday, 16 May 2012

Web Config Security Analysis


In production, the security settings in web.config should be strong and properly handled. In brief, these are my suggestions:
·         <customErrors mode="On"/>
·         <trace enabled="false" localOnly="false"/>
·         <trust level="Minimal"></trust>
·         <compilation debug="false">
·         <httpCookies httpOnlyCookies="true" requireSSL="true"></httpCookies>
·         <sessionState cookieless="UseCookies"></sessionState>
·         <roleManager enabled="false" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" cookiePath="/"></roleManager>
·         <httpRuntime maxRequestLength="8000"/>
·         <pages enableViewState="true" enableViewStateMac="true" viewStateEncryptionMode="Always" validateRequest="true">
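
One way to check a deployed web.config against the list above, as an added example that is not part of the original post: the script reports every listed setting that is missing or differs, including overrides inside <location> blocks. The audit function, the EXPECTED table and the sample file are constructed for illustration; the script assumes a config without an XML namespace and does not check the roleManager and httpRuntime entries.

```python
import xml.etree.ElementTree as ET

# (element under <system.web>, attribute, value recommended in the list above)
EXPECTED = [
    ("customErrors", "mode", "On"),
    ("trace", "enabled", "false"),
    ("trust", "level", "Minimal"),
    ("compilation", "debug", "false"),
    ("httpCookies", "httpOnlyCookies", "true"),
    ("httpCookies", "requireSSL", "true"),
    ("sessionState", "cookieless", "UseCookies"),
    ("pages", "enableViewStateMac", "true"),
    ("pages", "viewStateEncryptionMode", "Always"),
    ("pages", "validateRequest", "true"),
]

# Constructed sample, not a real site's configuration.
SAMPLE = """<configuration>
  <system.web>
    <customErrors mode="Off"/>
    <compilation debug="true"/>
    <trust level="Minimal"/>
    <httpCookies httpOnlyCookies="true"/>
    <sessionState cookieless="UseCookies"/>
    <pages enableViewStateMac="true" viewStateEncryptionMode="Always" validateRequest="true"/>
  </system.web>
  <location path="admin"><system.web><trace enabled="true"/></system.web></location>
</configuration>"""

def audit(xml_text):
    """Return (element, attribute, found, expected) for every deviation."""
    root = ET.fromstring(xml_text)
    sections = list(root.iter("system.web"))  # includes <location> overrides
    findings = []
    for elem, attr, want in EXPECTED:
        values = [n.get(attr) for s in sections for n in s.findall(elem)
                  if n.get(attr) is not None]
        if not values:
            # Nothing sets it: report, so the inherited or default value gets reviewed.
            findings.append((elem, attr, None, want))
        findings.extend((elem, attr, v, want) for v in values if v != want)
    return findings

if __name__ == "__main__":
    for elem, attr, found, want in audit(SAMPLE):
        print(f"<{elem} {attr}> is {found or 'not set'}, list recommends {want}")
```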

Leave a comment with suggestions to enhance security further.