Search Results

Search found 57033 results on 2282 pages for 'asp net mvc 2 metadata'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 651/2282 | < Previous Page | 647 648 649 650 651 652 653 654 655 656 657 658  | Next Page >

  • What am I missing in this ASP.NET XSS Security Helper class?

    - by smartcaveman
    I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues, and if issues are found, redirect the user to the same page, but in a away that is not threatening to the application. (Source code below) While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives. So, what is the most effective way to adequately prevent all possible attacks, while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third party library that offers something more convincing? public static class XssSecurity { public const string PotentialXssAttackExpression = "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C) <)[^\n]+((\\%3E) >))"; private static readonly Regex PotentialXssAttackRegex = new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase); public static bool IsPotentialXssAttack(this HttpRequest request) { if(request != null) { string query = request.QueryString.ToString(); if(!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query)) return true; if(request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase)) { string form = request.Form.ToString(); if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form)) return true; } if(request.Cookies.Count > 0) { foreach(HttpCookie cookie in request.Cookies) { if(PotentialXssAttackRegex.IsMatch(cookie.Value)) { return true; } } } } return false; } public static void ValidateRequest(this HttpContext context, string redirectToPath = null) { if(context == null || !context.Request.IsPotentialXssAttack()) return; // expire all cookies foreach(HttpCookie cookie in context.Request.Cookies) { cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1)); context.Response.Cookies.Set(cookie); } // redirect to safe path bool redirected = false; if(redirectToPath != null) { try { context.Response.Redirect(redirectToPath,true); redirected = true; } catch { redirected = false; } } if (redirected) return; string safeUrl = context.Request.Url.AbsolutePath.Replace(context.Request.Url.Query, string.Empty); context.Response.Redirect(safeUrl,true); } }

    Read the article

  • On asp:Table Control how do we create a thead ?

    - by balexandre
    from MSDN article on the subject we can see that we create a TableHeaderRowthat conatins TableHeaderCells. but they add the table header like this: myTable.Row.AddAt(0, headerRow); witch outputs the HTML: <table id="Table1" ... > <tr> <th scope="column" abbr="Col 1 Head">Column 1 Header</th> <th scope="column" abbr="Col 2 Head">Column 2 Header</th> <th scope="column" abbr="Col 3 Head">Column 3 Header</th> </tr> <tr> <td>(0,0)</td> <td>(0,1)</td> <td>(0,2)</td> </tr> ... and it should have <thead> and <tbody> (so it works seamless with tablesorter) :) <table id="Table1" ... > <thead> <tr> <th scope="column" abbr="Col 1 Head">Column 1 Header</th> <th scope="column" abbr="Col 2 Head">Column 2 Header</th> <th scope="column" abbr="Col 3 Head">Column 3 Header</th> </tr> </thead> <tbody> <tr> <td>(0,0)</td> <td>(0,1)</td> <td>(0,2)</td> </tr> ... </tbody> the HTML aspx code is <asp:Table ID="Table1" runat="server" /> How can I output the correct syntax? Just as information, the GridViewcontrol has this builed in as we just need to set teh Accesbility and use the HeaderRow gv.UseAccessibleHeader = true; gv.HeaderRow.TableSection = TableRowSection.TableHeader; gv.HeaderRow.CssClass = "myclass"; but the question is for the Table control.

    Read the article

  • MSI Installer error 2203; how to force permissions on installer directory?

    - by goober
    [Cross-Posted on StackOverflow.com as well because the question relates to development. Feel free to let me know where it best belongs.] Hi all, I'll try to bullet-point to keep it short: Background / Issue Trying to install ASP.NET MVC 3 RC on my Windows 7 machine. Uninstalled other versions of MVC (2 and 3 Beta 1). Ran the installer -- got a generic error, 2203. Log files said that it was a permissions error on C:\Windows\Installer. Checked C:\Windows\Installer -- sure enough, it's marked as read-only. I un-checked "Read-Only" in the folder properties and applied. It appears to open the dialog and apply to all files. However, when clicking properties again, the read-only box is backed to checked. Checked the security tab of the folder -- both system and the Administrators group have full access. I checked ownership -- the Administrators group is listed as an owner. Verified that I'm in the system as an Administrator (in fact, the only account in the Administrators group besides Administrator). So, what gives? Thanks in advance for any help you can provide!

    Read the article

  • IIS 7.0 - responses throttled to 500ms blocks?

    - by Julia Hayward
    Scenario: ASP.NET MVC wep app sitting on my local machine (Vista Ultimate, IIS 7.0), nothing going on except one user (me) logged in and viewing an index page. The page includes 9 dynamic images drawn from the underlying DB and returned from a controller action. I have got the actual processing time for these images down to 15ms each. Turn on Firebug and watch the page load. What I see is 9 requests for images firing off together – no surprise – but four come back to me almost immediately; two more after 0.5s; another after 1s; then at 1.5s and 2s. Logging on the server side suggests the individual responses are still only taking 15ms. So it appears IIS is queueing things up into 500ms chunks. (Repeating the experiment produces different results, but each time the images return in similar blocks – you might get three in the first group, then three at 0.5s, two at 1s etc, for example – and it’s always at 500ms intervals, not anything else.) It’s also repeatable cross-browser, and it’s not repeatable with other forms of content. I haven't found any particular mention of this problem out there, so I'm sort of assuming it's not an IIS bug, so is it: i) IIS on desktop OSs deliberately does it, to make you use server OSs in production? ii) There is some magical setting that has eluded me for as long as I’ve known IIS? iii) Something peculiar to MVC or SQL Server 2008? or something else?

    Read the article

  • Unable to access newly created web site in IIS 7.5

    - by Animesh
    Configuration: 32-bit Windows 7 development machine with IIS 7.5 I created a new web site in IIS to host only MVC sites called MVCHOST. The physical path to this website is set as C:\inetpub\mvcroot. I created a new v4.0 pool called mvcpool for this purpose. I have given Modify rights to IIS_WPG, IIS_IUSRS, ASPNET accounts. I created this web site with a host header "mvchost" and port 80, in the hopes of browsing MVC sites in the following way: mvchost/mvcapp1 mvchost/mvcapp2 instead of localhost/mvcapp1 localhost/mvcapp2 The only binding I set is the default one: http:*:80:mvchost. I have also copied the files iisstart.htm, web.config, welcome.png and folder aspnet_client from wwwroot over to mvcroot. Now when I try to the browse this site from IIS manager, I get the following error: This webpage is not available If I leave out the host header and give some port, say 99, I can access this website at localhost:99. What am I missing here? Why am I unable to access the web site at: http://mvchost/?

    Read the article

  • Displaying JSON in your Browser

    - by Rick Strahl
    Do you work with AJAX requests a lot and need to quickly check URLs for JSON results? Then you probably know that it’s a fairly big hassle to examine JSON results directly in the browser. Yes, you can use FireBug or Fiddler which work pretty well for actual AJAX requests, but if you just fire off a URL for quick testing in the browser you usually get hit by the Save As dialog and the download manager, followed by having to open the saved document in a text editor in FireFox. Enter JSONView which allows you to simply display JSON results directly in the browser. For example, imagine I have a URL like this: http://localhost/westwindwebtoolkitweb/RestService.ashx?Method=ReturnObject&format=json&Name1=Rick&Name2=John&date=12/30/2010 typed directly into the browser and that that returns a complex JSON object. With JSONView the result looks like this: No fuss, no muss. It just works. Here the result is an array of Person objects that contain additional address child objects displayed right in the browser. JSONView basically adds content type checking for application/json results and when it finds a JSON result takes over the rendering and formats the display in the browser. Note that it re-formats the raw JSON as well for a nicer display view along with collapsible regions for objects. You can still use View Source to see the raw JSON string returned. For me this is a huge time-saver. As I work with AJAX result data using GET and REST style URLs quite a bit it’s a big timesaver. To quickly and easily display JSON is a key feature in my development day and JSONView for all its simplicity fits that bill for me. If you’re doing AJAX development and you often review URL based JSON results do yourself a favor and pick up a copy of JSONView. Other Browsers JSONView works only with FireFox – what about other browsers? Chrome Chrome actually displays raw JSON responses as plain text without any plug-ins. There’s no plug-in or configuration needed, it just works, although you won’t get any fancy formatting. [updated from comments] There’s also a port of JSONView available for Chrome from here: https://chrome.google.com/webstore/detail/chklaanhfefbnpoihckbnefhakgolnmc It looks like it works just about the same as the JSONView plug-in for FireFox. Thanks for all that pointed this out… Internet Explorer Internet Explorer probably has the worst response to JSON encoded content: It displays an error page as it apparently tries to render JSON as XML: Yeah that seems real smart – rendering JSON as an XML document. WTF? To get at the actual JSON output, you can use View Source. To get IE to display JSON directly as text you can add a Mime type mapping in the registry:   Create a new application/json key in: HKEY_CLASSES_ROOT\MIME\Database\ContentType\application/json Add a string value of CLSID with a value of {25336920-03F9-11cf-8FD0-00AA00686F13} Add a DWORD value of Encoding with a value of 80000 I can’t take credit for this tip – found it here first on Sky Sander’s Blog. Note that the CLSID can be used for just about any type of text data you want to display as plain text in the IE. It’s the in-place display mechanism and it should work for most text content. For example it might also be useful for looking at CSS and JS files inside of the browser instead of downloading those documents as well. © Rick Strahl, West Wind Technologies, 2005-2011Posted in ASP.NET  AJAX  

    Read the article

  • Welcome 2011

    - by WeigeltRo
    Things that happened in 2010 MIX10 was absolutely fantastic. Read my report of MIX10 to see why.   The dotnet Cologne 2010, the community conference organized by the .NET user group Köln and my own group Bonn-to-Code.Net became an even bigger success than I dared to dream of.   There was a huge discrepancy between the efforts by Microsoft to support .NET user groups to organize public live streaming events of the PDC keynote (the dotnet Cologne team joined forces with netug  Niederrhein to organize the PDCologne) and the actual content of the keynote. The reaction of the audience at our event was “meh” and even worse I seriously doubt we’ll ever get that number of people to such an event (which on top of that suffered from technical difficulties beyond our control).   What definitely would have deserved the public live streaming event treatment was the Silverlight Firestarter (aka “Silverlight Damage Control”) event. And maybe we would have thought about organizing something if it weren’t for the “burned earth” left by the PDC keynote. Anyway, the stuff shown at the firestarter keynote was the topic of conversations among colleagues days later (“did you see that? oh yeah, that was seriously cool”). Things that I have learned/observed/noticed in 2010 In the long run, there’s a huge difference between “It works pretty well” and “it just works and I never have to think about it”. I had to get rid of my USB graphics adapter powering the third monitor (read about it in this blog post). Various small issues (desktop icons sometimes moving their positions after a reboot for no apparent reasons, at least one game I couldn’t get run at all, all three monitors sometimes simply refusing to wake up after standby) finally made me buy a PCIe 1x graphics adapter. If you’re interested: The combination of a NVIDIA GTX 460 and a GT 220 is running in “don’t make me think” mode for a couple of months now.   PowerPoint 2010 is a seriously cool piece of software. Not only the new hardware-accelerated effects, but also features like built-in background removal and picture processing (which in many cases are simply “good enough” and save a lot of time) or the smart guides.   Outlook 2010 crashes on me a lot. I haven’t been successful in reproducing these crashes, they just happen when every couple of days on different occasions (only thing in common: I clicked something in the main window – yeah, very helpful observation)   Visual Studio 2010 reminds me of Visual Studio 2005 before SP1, which is actually not a good thing to say about a piece of software. I think it’s telling that Microsoft’s message regarding the beta of SP1 has been different from earlier service pack betas (promising an upgrade path for a beta to the RTM sounds to me like “please, please use it NOW!”).   I have a love/hate relationship with ReSharper. I don’t want to develop without it, but at the same time I can’t fail to notice that ReSharper is taking a heavy toll in terms of performance and sometimes stability. Things I’m looking forward to in 2011 Obviously, the dotnet Cologne 2011. We already have been able to score some big name sponsors (Microsoft, Intel), but we’re still looking for more sponsors. And be assured that we’ll make sure that our partners get the most out of their contribution, regardless of how big or small.   MIX11, period.    Silverlight 5 is going to be great. The only thing I’m a bit nervous about is that I still haven’t read anything official on whether C# next version’s async/await will be in it. Leaving that out would be really stupid considering the end-of-2011 release of SL5 (moving the next release way into the future).

    Read the article

  • How do I get Lucene (.NET) to highlight correctly with wildcards?

    - by Scott Stafford
    I am using the Lucene.NET API directly in my ASP.NET/C# web application. When I search using a wildcard, like "fuc*", the highlighter doesn't highlight anything, but when I search for the whole word, like "fuchsia", it highlights fine. Does Lucene have the ability to highlight using the same logic it used to match with? Various maybe-relevant code-snippets below: var formatter = new Lucene.Net.Highlight.SimpleHTMLFormatter( "<span class='srhilite'>", "</span>"); var fragmenter = new Lucene.Net.Highlight.SimpleFragmenter(100); var scorer = new Lucene.Net.Highlight.QueryScorer(query); var highlighter = new Lucene.Net.Highlight.Highlighter(formatter, scorer); highlighter.SetTextFragmenter(fragmenter); and then on each hit... string description = Server.HtmlEncode(doc.Get("Description")); var stream = analyzer.TokenStream("Description", new System.IO.StringReader(description)); string highlighted_text = highlighter.GetBestFragments( stream, description, 1, "..."); And I'm using the QueryParser and the StandardAnalyzer.

    Read the article

  • Ajax.ActionLink is not POSTing

    - by Dave Hanna
    I am trying to navigate to an MVC action by POSTing rather than GETting. (The action is a DELETE, and I don't want it reachable by an external link.) I am using a link in a grid generated by Ajax.ActionLink("Remove", "Delete", new { saID = Model.Said, id = e.id }, new AjaxOptions { HttpMethod = "POST", Confirm = "Are you sure you want to delete this item?" }) Which generates the following HTML: <a href="/Equipment/Delete/102424/229933" onclick="Sys.Mvc.AsyncHyperlink.handleClick(this, new Sys.UI.DomEvent(event), { insertionMode: Sys.Mvc.InsertionMode.replace, confirm: 'Are you sure you want to delete this item?', httpMethod: 'POST' });">Remove</a> My problem is that when I click on the link, I am reaching the Delete action via a GET rather than a POST, AND the Confirm dialog is not taking place. I have been googling this for several hours and just keep getting wrapped around the axle. What am I doing wrong?

    Read the article

  • Rendering a derived partial view with Html.RenderPartial

    - by FreshCode
    Calling Html.RenderPartial("~/Views/Payments/MyControl.ascx"); from a view works if Method.ascx is a control that directly inherits System.Web.Mvc.ViewUserControl. However, if the control inherits a new class that derives from System.Web.Mvc.ViewUserControl, the call to Html.RenderPartial("~/Views/Payments/MyDerivedControl.ascx"); fails, reporting that no such view exists. Example derived ViewUserControl: class MyDerivedControl : System.Web.Mvc.ViewUserControl { public Method() { ViewData["SomeData"] = "test"; } } Is there a workaround, or is there another way I should be doing this? Perhaps an HTML helper?

    Read the article

  • Html.RenderAction<MyController> - does not have type parameters

    - by Ami
    Hi, I'm trying to use RenderAction in the following way: '<% Html.RenderAction( x = x.ControllerAction() ); %' as seen here: http://devlicio.us/blogs/derik_whittaker/archive/2008/11/24/renderpartial-vs-renderaction.aspx and here: http://eduncan911.com/blog/html-renderaction-for-asp-net-mvc-1-0.aspx but I keep getting an error about the method not having type parameters. also in MSDN I see there is no documentation for it, and also checking the MVC source code I can't find anything. I'm using the latest ASP.Net MVC (2.0 RTM) is this feature no longer available? how can I use it? thanks.

    Read the article

  • learning OO with PHP

    - by dole doug
    Hi there I've started to learn OO programming, but using the PHP language with the help of the "PHP 5 Objects, Patterns, and Practice" book. The thing is that I wish to learn to use into same time the CakePHP framework which make use a lot of the MVC pattern. Because I don't know much about OO and less about MVC I wish to understand the later one but assumptions I make with my OO knowledges might have bad impact on long term. Does anyone know a good tutorial about what means MVC (more than cakephp manual says about it, but more easy to read/understand than wikipedia)? TY

    Read the article

  • Changing error message for datatype validation?

    - by Matthias
    Hey guys, I've a small question on ASP.NET MVC 2. I'm using Data Annotations on my Presentation Model and its model binder per default. But one step back, I want to do the most elementary thing: validation of the data type. Let's say I have an "int ID" on my model and want to edit the according entity in my view. If I enter something wrong like "foo", then I get a model error back, but the validation message is on English. I want to have this message in other languages, too. How can I do this? I remember that in MVC 1 I've written a custom model binder which checks the data types, but that's not what I want to do (at least not in MVC 2). Thus I hope there is a better way... Thanks, Matthias

    Read the article

  • Is it possible to make a persistent connection between a Python web service and a .Net WCF Client?

    - by Ad Hock
    I have a .Net 3.5 SOAP client written in C# using the WCF. It's expecting basicHTTPBinding and a persistent connection with HTTP/1.1. I'm trying to create a Python 2.6 application that will act as a web-service for the client. My problem is that the client keeps closing the connection and opening a new one for every command to the web service. How does the .Net WCF client know to stay open when connecting with a .Net Service? When I create a dummy .Net web service the client connects fine and the connection remains persistent. From what I can tell, when connected to a .Net server, there are no special HTTP headers being sent, that makes sense since HTTP/1.1 assumes a persistent connection unless otherwise specified (right?). However, with the python web service I accept/open a connection and eventually the client will send a TCP FIN and the connection will close (the client never sends a FIN or RST when connecting to a .Net service). The communication goes something like this: Incoming -- HTTP Header for SOAP Command #1 Outgoing -- HTTP Header with a Continue Incoming -- Body of Command #1 Outgoing -- ACK Command #1 (HTTP headers and body) Incoming -- HTTP Header for SOAP Command #2 Outgoing -- HTTP Header with a Continue Incoming -- TCP FIN <Connection closes> <New connection opens and SOAP command #2 (with full HTTP headers) is sent> I'm using a SocketServer.ThreadingTCPServer as the server and a BaseHTTPServer.BaseHTTPRequestHandler for any requests. The handler is actually a derived class of that with a do_POST method to handle the HTTP headers. I've looked at WireShark captures and I'm stumped. I've tried setting socket options to SO_KEEPALIVE and SO_REUSEADDR in the server but that didn't seem to change anything. What am I missing?

    Read the article

  • Creating a framework for ASP.NET web forms similar to Flex states.

    - by Shawn Simon
    I really enjoy the flex states framework. You define a few states for your control, and then can set child controls to only appear in certain states. Check out this code: <s:states> <s:State name="signin"/> <s:State name="register"/> </s:states> <mx:FormItem label="Last name:" includeIn="register" id="lastNameItem" alpha="0.0"> <s:TextInput id="lastName" width="220"/> </mx:FormItem> Now the last name form will only appear in the register screen. This would be really useful I think in .NET where you use the page for views like update / insert. I was considering extending the Page element to have a states property using extension methods, and adding the include in to controls. This way I could auto-hide controls based on the current view at render time. What is even cooler in Flex, is that you can use different handlers / properties based on the current state. <s:Button label="Sign in" label.register="Register" id="loginButton" enabled="true" click.signin="signin()" click.register="register()"/> I'm sure there's a way I could implement something similar to this as well. Do you think this is a good idea? Or does it just add a level of abstraction to framework that already has a poor separation of concerns?

    Read the article

  • Separation of concerns and authentication

    - by Tom Gilder
    I'm trying to be a Good Developer and separate my concerns out. I've got an ASP.NET MVC project with all my web code, and a DAL project with all the model code. Sometimes code in the DAL needs to check if the current user is authorized to perform some actions, by checking something like CurrentUser.IsAdmin. For the web site, the current is derived from the Windows username (from HttpContext.Current.User.Identity), but this is clearly a web concern and shouldn't be coupled to the DAL. What's the best pattern to loosely couple the authentication? Should the DAL be asking the MVC code for a username, or the MVC be telling the DAL? Are there advantages or disadvantages to one or the other? Thank you!

    Read the article

  • Problem with MvcContrib

    - by Sasha
    I want to use MvcContrib Grid helper, but i stuck on the problem - it's not working. I downloaded release for mvc 1, i have dll on my hard drive, i added a reference to my project, but i always getting following error: 'System.Web.Mvc.HtmlHelper' does not contain a definition for 'Grid' and no extension method 'Grid' accepting a first argument of type 'System.Web.Mvc.HtmlHelper' could be found (are you missing a using directive or an assembly reference?) I am using Visual Web Developer 2008 if this is important The question is: how correctly add this to my project? Can you give me step by step instruction? Thanks

    Read the article

  • DataAnnotationsModelBinder with MVC2 RTM

    - by yang
    Trying to validate models with DataAnnotations but DefaulModelBinder overrides my Required property error messages and never uses my error messages for invalid data entry. Always show 'value' is invalid for 'property name'. In another question I saw that MVC 2 uses DefaultModelBinder but I couldn't find any class in MVC 2 binaries. I downloaded the source for MVC futures and changed some source to compile it for .Net 4.0 but although I had success to compile, it has compatability problems and doesn't work as expected. Any help is aprreciated.

    Read the article

  • How to handle update events on a ASP.NET GridView?

    - by Bogdan M
    Hello, This may sound silly, but I need to find out how to handle an Update event from a GridView. First of all, I have a DataSet, where there is a typed DataTable with a typed TableAdapter, based on a "select all query", with auto-generated Insert, Update, and Delete methods. Then, in my aspx page, I have an ObjectDataSource related to my typed TableAdapter on Select, Insert, Update and Delete methods. Finnally, I have a GridView bound to this ObjectDataSource, with default Edit, Update and Cancel links. How should I implement the edit functionality? Should I have something like this? protected void GridView_RowEditing(object sender, GridViewEditEventArgs e) { using(MyTableAdapter ta = new MyTableAdapter()) { ta.Update(...); TypedDataTable dt = ta.GetRecords(); this.GridView.DataSource = dt; this.GridView.DataBind(); } } In this scenario, I have the feeling that I update some changes to the DB, then I retrive and bind all the data, and not only the modified parts. Is there any way to update only the DataSet, and this to update on his turn the DataBase and the GridView? I do not want to retrive all the data after a CRUD operations is performed, I just want to retrive the changes made. Thanks. PS: I'm using .NET 3.5 and VS 2008 with SP1.

    Read the article

  • Is it impossible to secure .net code (intellectual property) ?

    - by JL
    I used to work in JavaScript a lot and one thing that really bothered my employers was that the source code was too easy to steal. Even with obfuscation, nothing really helped, because we all knew that any competent developer would be able to read that code if they wanted to. JS Scripts are one thing, but what about SOA projects that have millions invested in IP (Intellectual Property). I love .net, and especially C#, but I recently again had to answer the question "If we give this compiled program over to our clients, can their developers reverse engineer it?" I had gone out of my way to obfuscate the code, but I knew it wouldn't take that much for another determined C# developer to get at the code. So I earnestly pose the question, is it impossible to secure .net code? The considerations I have as as follows: Even regular native executables can be reversed, but not every developer has the skill to be able to do this. Its a lot harder to disassemble a native executable than a .net assembly. Obfuscation will only get you so far, but it does help a little. Why have I never seen any public acknowledgement by Microsoft that anything written in .net is subject to relatively easy IP theft? Why have I never seen a scrap of counter measure training on any Microsoft site? Why does VS come with a community obfuscater as an optional component? Ok maybe I have just had my head in the sand here, but its not exactly high on most developers priority list. Are there any plans to address my concerns in any future version of .net? I'm not knocking .net, but I would like some realistic answers, thank you, question marked as subjective and community!

    Read the article

  • Ideas for building vulnerabilities into your site?

    - by Jaco Pretorius
    I'm trying to create a programming challenge that would require developers to hack into the MVC site I create. The idea is obviously to teach them about preventing these types of attacks. The current idea I have is to build multiple vulnerabilities into the site - but the second vulnerability would require the first to be completed, etc. So I was thinking the first could be a sql injection attack, the second would require a modified GET request, etc. Exploiting the final vulnerability would reveal a specific piece of information which is proof that you have completed the entire challenge. This will not be deployed on a public site - it's simply a learning tool for developers at my company. I'm not looking for MVC-specific vulnerabilities - I'm simply using MVC because it allows me to work with the 'raw' HTML. Any ideas on the different vulnerabilities I can use?

    Read the article

  • How to Detect in Windows Registry if user has .Net Framework installed?

    - by Sarah Weinberger
    How do I detect in the Windows Registry if a user has .Net Framework installed? I am not looking for a .Net based solution, as the query is from InnoSetup. I know from reading another post here on Stack Overflow that .Net Framework is an inplace upgrade to 4.0. I already know how to check if a user has version 4.0 installed on the system, namely by checking the following: function FindFramework(): Boolean; var bVer4x0: Boolean; bVer4x0Client: Boolean; bVer4x0Full: Boolean; bSuccess: Boolean; iInstalled: Cardinal; begin Result := False; bVer4x0Client := False; bVer4x0Full := False; bVer4x0 := RegKeyExists(HKLM, 'SOFTWARE\Microsoft\.NETFramework\policy\v4.0'); bSuccess := RegQueryDWordValue(HKLM, 'Software\Microsoft\NET Framework Setup\NDP\v4 \Client', 'Install', iInstalled); if (1 = iInstalled) AND (True = bSuccess) then bVer4x0Client := True; bSuccess := RegQueryDWordValue(HKLM, 'Software\Microsoft\NET Framework Setup\NDP\v4 \Full', 'Install', iInstalled); if (1 = iInstalled) AND (True = bSuccess) then bVer4x0Full := True; if (True = bVer4x0Full) then begin Result := True; end; end; I checked the registry and there is no v4.5 folder, which makes sense if .Net Framework 4.5 is an inplace upgrade. Still, the Control Panel Programs and Features includes the listing. I know that probably "issuing dotNetFx45_Full_setup.exe /q" will have no bad effect if installing on a system that already has version 4.5, but I still would like to not install the upgrade if the upgrade already exists, faster and less problems.

    Read the article

  • Is Python good for highload web projects?

    - by Vitali Fokin
    Hello! I decidet to start my own web project. It should be highload project, and I can't decide which technologies should I use. I'm good in ASP.NET MVC, but I like languages like Python more than C#. I read a lot about Python and Django/Pylons/etc but I didn't find any good examples of highload projects on python. So, the question is: Is Python good for highload project? Is it enough fast? And if it is, are python frameworks like django/pylons/etc good for this? Or asp.net mvc will be better choice? PS, I'm not interesting in Java, Ruby and PHP :) So, I'm choosing only between Python + django/pylons/etc and asp.net mvc. Thanks in advance. Please, don't make holywars :)

    Read the article

  • How can I compile .NET 3.5 C# code on a system without Visual Studio?

    - by JimEvans
    I have some C# code that uses some constructs specific to .NET 3.5. When you install the .NET Framework distribution, you get the C# compiler installed with it (csc.exe). Even if I specify the csc.exe in C:\Windows\Microsoft.NET\Framework\v3.5, I cannot compile the code on a computer with only the .NET Framework installed, but not Visual Studio. I am able to compile code that uses v2.0 constructs without difficulty. How can I accomplish this? Here is a sample that demonstrates my problem: using System; class Program { public static void Main() { // The MacOSX value to the PlatformID enum was added after // .NET v2.0 if (Environment.OSVersion.Platform == PlatformID.MacOSX) { Console.WriteLine("Found mac"); } Console.WriteLine("Simple program"); } } When compiling this code using csc.exe, I receive the following error: test.cs(9, 58): error CS0117: 'System.PlatformID' does not contain a definition for 'MacOSX' When executing csc.exe /? I receive the banner: Microsoft (R) Visual C# 2008 Compiler version 3.5.21022.8 for Microsoft (R) .NET Framework version 3.5 Copyright (C) Microsoft Corporation. All rights reserved.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 647 648 649 650 651 652 653 654 655 656 657 658  | Next Page >