Don and I discovered a rather nasty bug in ASP.NET configuration. If you define a security policy involving a UrlMembershipCondition with an invalid URL, the permission appears to be granted to everything (or a randomly selected collection of components)!!! I wonder whether the problem applies to .NET generally...
... until the collector arrives ...
This "blog" is really just a scratchpad of mine. There is not much of general interest here. Most of the content is scribbled down "live" as I discover things I want to remember. I rarely go back to correct mistakes in older entries. You have been warned :)
