ASP.NET - Security Vulnerability (Cryptographic Oracles) - why html redirect for pre .NET 3.5 SP1
Why does the recent ASP.N开发者_JS百科ET security vurnerability specify an html error page to redirect to pre ASP.NET 3.5 SP1 but an aspx page for later versions?
AFAIK, it does not really matters what you redirect to (html or aspx). The main point is to redirect to a page that display the same HTML regardless of the error were a 404 or 500.
精彩评论