DotNet web applications persist user input and other data between the client HTML and the server with a mechanism called ViewState. The default behavior for the ViewState is to simply encode its contents via base64 to prevent code execution and potential script injections, but you can still see the contents of the ViewState if you manually decode the base64 text values. If you would like to encrypt the ViewState on every page of the application to improve security, you can do so by adding a tag to the root web config of your CentreStack application. This can help to prevent hackers from trying to reverse-engineer the application and try to perform XSS attacks.
Steps
1-Open the following file with notepad:
C:\Program Files (x86)\Gladinet Cloud Enterprise\root\web.config
2-Around line 10, you will see the following:
<configuration>
<system.web>
3-Add a "pages" tag like the example below as a child of the "system.web" tag:
<configuration>
<system.web>
<pages enableViewStateMac="true" viewStateEncryptionMode="Always"></pages>
4-Save the web.config file and close it. You may need special permissions in order to save it. Alternatively, you can save it to the computer's desktop, then manually drag and replace the file in "C:\Program Files (x86)\Gladinet Cloud Enterprise\root\"
Comments
0 comments
Please sign in to leave a comment.