Showing posts from January, 2012

Microsoft Security Bulletin MS11-100 and MaxHttpCollectionKeys

On 29th December 2011, Microsoft released a patch to fix vulnerabilities in the .NET Framework - update MS11-100

One unfortunate side effect of this update is the limiting of the MaxHttpCollectionKeys value, which causes problems with HTTP submissions with lots of form elements. I believe it is now limited to 500, but I cannot find any details confirming this. 

To increase this limit for an application that needs to submit more than 500 elements, add the following key to the webconfig file in your web site or web application:

I hope this helps someone, as I had to implement this as a fix quite recently for a web application.

Connecting to SQL Azure with Dynamic IP Addresses

SQL Azure does a good job of security by locking down access with a firewall by default. As more and more companies trust their data to the cloud, cloud based solutions will likely become a target more and more focused on by people attempting to steal data.
SQL Azure currently offers a free three month trial, and I would recommend all Web Developers who develop database-driven solutions to try it. More details can be found at:
Whilst I've said what a good job of security SQL Azure does, anyone trialing SQL Azure may run into problems with the security settings. When creating a new SQL Azure instances, the setup wizard asks you to specify firewall rules:

As you can see, a firewall rule needs to be created that allows either 1 IP address or an IP address range to access the SQL Azure database. If you have a web application hosted on a server, then you can create a firewall rule for the IP address of that server - bingo, your applica…