secu

Why is ASP.NET accepting externally created session identifiers?

I have an ASP.NET 3.5 Web Site using the standard SQL Membership Provider. The application has to pass the IBM Rational AppScan before we can push to production. I am getting the error: Severity: High Test Type: Application Vulnerable URL: http://mytestserver/myapp/login.aspx Remediation Tasks: Do not accept externally created session ...

Linq to SQL: how get row security between write access??

I would like to allow two threads to write in a table at the same time (I know the problem of updating the same row, but this would be a story apart). I need that in behalf of speed up the operations in my aplication (one thread could write in row X while another could do the same in row X+n instead of waiting the first to finalize). So...