That includes all COM objects written with Visual Basic 6.0.Asp Compat should also be set to true (regardless of threading model) if the page creates COM objects that access intrinsic ASP objects such as Request and Response. NET user control is authored declaratively and persisted as a text file with an extension. NET page framework compiles a user control on the fly to a class that derives from the System. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). In addition, you must use the IIS configuration applet to enable localhost (127.0.0.1) to relay messages through the local SMTP service. VSDISCO files are DISCO files that support dynamic discovery of Web services. Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker? If an authentication cookie is stolen then it can be used by an attacker. NET just before it shipped, you need to set Smtp Mail's Smtp Server property to "localhost" even though "localhost" is the default. If I update session state then should I lock it, too? By locking application state before updating it and unlocking it afterwards, you ensure that another request being processed on another thread doesn't read application state at exactly the wrong time and see an inconsistent view of it.
Client-side scripting means that the script will be executed immediately in the browser such as form field validation, clock, email validation, and so on. If the user is working with a browser that supports DHTML then the validation controls can also perform validation using a client script. Session state is locked down when the Http Application instance that's processing the request fires an Acquire Request State event and unlocked when it fires a Release Request State event. NET forms authentication cookies provide any protection against replay attacks? Validation controls perform input checking in server code. One, it's unlikely that two requests from the same user will overlap. NET locks down session state during request processing so that two threads can't touch it at once.If those threads create COM objects marked Threading Model=Apartment then the objects are created in the same STAs as the threads that created them.Without Asp Compat="true," request threads run in a multithreaded apartment (MTA) and each call to an STA-based COM object incurs a performance hit when it's marshaled across apartment boundaries.