Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there a security risk if an application called page.ashx called internal only page.ashx, can a hacker conclude that another page is called.
I don’t want anyone to access this page. it looks stupid I know, but it is a part of more complex problem.
thanks
By default, an ashx handler can be accessed just the same as an aspx page.
It is unclear what you mean by “internal”. If the call is made at server side you can hide the file by removing permissions on the IIS. However, that may indicate you don’t need a handler at all, and can probably call the function directly.
If the client need to access it (if it’s returning a script or an image, for example), you cannot prevent direct access to it.