Tuesday, 7 December 2010

Padding Oracle Crypto Attack (Update Released)

In case you missed it, you should by now all have updated your servers with the windows update to fix the Padding Oracle Crypto Attack:

Points worth noting:

  • You'll need to apply th fix to all your servers in the web farm as the encryption/decryption mechanism has changed.
  • Your users will have to log in again - forms auth tickets issued by your app prior to the update will no longer be valid.

Catch-All MVC Route

A weird scenario may come up where you want all requests to an application routed to just one controller action in an ASP.Net MVC application, here's the catch-all route you'll need :)

public static void RegisterRoutes(RouteCollection routes)
      "Default", // Route name
      "{*catchall}", // URL with parameters
      new { controller = "Home", action = "Index" } // Parameter defaults