Why client-side validation is a lie

May 26, 2007

You have probably heard it a million times. It is one of the golden rules of web development: do not rely solely on client-side validation to ensure you get the data that you expect from the browser. Anyone can send you a crafted request that bypasses your script validation. Always validate on the server as well. And yet, I see a lot of commercial sites that ignore this rule, and it is easy as hell to break their logic. In fact, with the simple steps I will show below, you can bypass any JavaScript-only validation. Consider the following TestValidation.htm page: ...

VS2005 Web Project: Assembly referencing issue

May 19, 2007

We have encountered an interesting issue regarding assembly referencing from an ASP.NET web project in Visual Studio 2005. A developer in my team did the following: he added to a web site a reference to a GAC-installed assembly, let's call it Gac.dll. This GAC-installed assembly had a file reference to another assembly which was not installed in the GAC; we shall call it Lib.dll, and we shall assume it is located in c:\lib. Let's assume Gac.dll has the following code in it: namespace Gac { public class GacObject { ...

Anonymous Delegates or DisposableActions?

May 11, 2007

One of the most useful features of .NET 2.0 is anonymous delegates. They allow you to create "wrappers" for code which run before and after the code, handle exceptions in it, and decide whether to run it or not. Consider the following method: public static void WrapCall(Callback callback) { try { callback(); ...

NUnit vs. VSTS: VSTS Wins

May 7, 2007

As I've said before, our team has begun doing unit testing. At first we used NUnit and NCover for this purpose, although we have VSTS licenses. This was for the following reasons: NUnit is faster than VSTS (and that test panel really slows down the IDE... Like it isn't slow enough!). NUnit has more features than VSTS (although for now we're using only the basics anyway) and fewer bugs. NUnit has more support and lots of googleable knowledge. It is definitely the more mature solution. NUnit feels more "clean" to me. You don't have to create a special test...

Frustration

May 1, 2007

Yesterday I tackled an extremely annoying bug, which kept me annoyed for about 10 hours in a row. We are using GIS software called ArcGIS Server, one of whose main uses is to supply maps; in our case, images passed to a web control which comes with the software. Everything worked nice and dandy until we installed our new version on a new production server. The maps would not display and all we got to see was WHITE. Over the following hours I tried, among others, the following approaches: Recreating the cache for the maps (X...