September 2010 - IMPORTANT ANNOUNCEMENT - SECURITY RISK
Microsoft recently released a Security Advisory notice, highlighting a vulnerability in ASP.NET. Fooshy is developed in ASP.NET and it is therefore important you read the following information.
An attacker who exploited the vulnerability, could gain access to information stored within the Viewstate or Web.config file. Fooshy does not store any sensitive information in Viewstate, however, it does make use of the Web.config file for storing information. Full details (including a temporary workaround) can be found at the following address...
Fooshy is written using the .NET framework 1.1 and therefore the relevant workaround is as follows. Please Note: If your website is hosted with us, we have already taken the liberty of applying this fix to your site.
- Open the web.config file which sits at the root of the application, in any suitable application (Notepad is just fine)
- Find the following line in your web.config file...
- After this line, add the following code
<customErrors mode="On" defaultRedirect="~/error.html" />
- There may already exist a line in your copy of web.config regarding customErrors, such as...
<customErrors mode="Off" />
...if so, comment out this line by adding <!-- and --> at the beginning and end of the line, e.g.
<!--<customErrors mode="Off" />-->
- Save the web.config file. Create a text file named error.html containing a generic error message.
- Upload both files to the live website environment.