IsolatedStorage to the Rescue

Saturday, August 18, 2007

Up until recently I've been totally unaware to an extremely useful .NET feature known as IsolatedStorage. It goes like this. Let's say you have a client application, right? And that application needs to store some data, right? Some user preferences maybe. Thing is, trying to simply write that data into a file can be a problem. Your application might not have the permissions needed to write to the file system. In fact, if we're talking about a browser application, that's a very likely situation. Here IsolatedStorage comes to our rescue. It allows you to write application or assembly specific...
no comments

Careful with that FreeTextBox

Monday, August 13, 2007

I came in need of an ASP.NET text box control that allows the user to enter rich text. Quickly enough I found FreeTextBox, an awesome control that is widely used in several well-known projects (such as Community Server, which hosts the blog you're currently reading). And, as it name suggests, the basic version of the control (which is more than enough for my needs) is free. So I started playing around with it a bit, throwing it in a web-page, editing some HTML and posting the page. Boom. ...A potentially dangerous Request.Form value was detected fromthe client... Well, of course. ASP.NET...

Why client-side validation is a lie

Saturday, May 26, 2007

You probably heard it a million times. It is one of the golden rules of web-development. Do not rely solely on client-side validation to ensure you get the data that you expect from the browser. Anyone can send you a crafted request that bypasses your script validation. Always validate on the server as well. And yet, I see a lot of commercial sites that ignore this rule, and it is easy as hell to break their logic. In fact, with the following simple steps I will show, you can bypass any javascript-only validation. Consider the following TestValidation.htm page: ...
no comments