Security - Doron's .NET Space


IsolatedStorage to the Rescue

Up until recently I've been totally unaware of an extremely useful .NET feature known as IsolatedStorage. It goes like this. Let's say you have a client application, right? And that application needs to store some data, right? Some user preferences maybe. Thing is, trying to simply write that data into a file can be a problem. Your application might not have the permissions needed to write to the file system. In fact, if we're talking about a browser application, that's a very likely situation....
Posted by dorony | with no comments

Careful with that FreeTextBox

I came in need of an ASP.NET text box control that allows the user to enter rich text. Quickly enough I found FreeTextBox, an awesome control that is widely used in several well-known projects (such as Community Server, which hosts the blog you're currently reading). And, as its name suggests, the basic version of the control (which is more than enough for my needs) is free. So I started playing around with it a bit, throwing it in a web page, editing some HTML and posting the page. Boom. ...A potentially...
Posted by dorony | 6 comment(s)

Why client-side validation is a lie

You've probably heard it a million times. It is one of the golden rules of web development. Do not rely solely on client-side validation to ensure you get the data that you expect from the browser. Anyone can send you a crafted request that bypasses your script validation. Always validate on the server as well. And yet, I see a lot of commercial sites that ignore this rule, and it is easy as hell to break their logic. In fact, with the following simple steps I will show, you can bypass any JavaScript...
Posted by dorony | 1 comment(s)