Posts

Showing posts from August, 2005
Canonicalization issues
ASP.NET 1.1 has a known weakness called the canonicalization issue. Canonicalization is the process by which all equivalent forms of a name are mapped to a single standard name, called the canonical form. According to Netcraft, the security hole involves a bug in ASP.NET's handling of URLs: if a visitor to an ASP.NET site substitutes '\' or '%5C' for the '/' character in the URL, they may be able to bypass authentication screens. The technique may also work if a space is substituted for the slash. It also apparently allows authenticated users to bypass password protection on administrative areas of a site. Microsoft has published a pretty nice article in its knowledge base which shows "how to bypass the issue". Remember that after a user is authenticated by an ASP.NET form we usually create an authentication cookie which contains the user's credentials and other important information (like role information)
ASP.NET Canonicalization issues
Many articles on the Net talk about the ASP.NET canonicalization problem, but it seems to me that things are sometimes a little amplified. Canonicalization is the procedure that determines how the many equivalent forms of a name are mapped to a unique form. The problem can be summarized like this: if a visitor to an ASP.NET site substitutes '\' or '%5C' for the '/' character in the URL, they may be able to bypass authentication screens. The technique may also work if a space is substituted for the slash. Microsoft has published a pretty nice article that can be found here: http://support.microsoft.com/?kbid=887459 . The article shows "how to bypass" the canonicalization issue. Of course, in programming nothing should be taken for granted: everything must be tested. The C# coding example published was like this:
my herd
Hi all: I have a herd of genetically lazy sheep. There is only one birth from one generation to the next. To know how many sheep are in the herd at the nth generation I just have to ++ the preceding number. To perform this computation in a nice way I have overloaded the ++ operator for my HerdOfSheep class; it looks like this:

    namespace SheepOperatorsSample
    {
        public class HerdOfSheep
        {
            private int number;

            // Current head count of the herd
            public int Number
            {
                get { return number; }
                set { number = value; }
            }

            // One generation = one birth, so ++ adds exactly one sheep.
            // Note: this overload mutates the herd passed in and returns the same instance.
            public static HerdOfSheep operator ++(HerdOfSheep myHerd)
            {
                myHerd.Number++;
                return myHerd;
            }
        }
    }
Adding C# server-side scripts in a Web form
Sometimes we are confronted with the need to add some scripts to web forms. An important case is when we want to deal with controls like Repeaters. Budi Kurniawan has written a nice article on this subject; you can find it here: http://www.ondotnet.com/pub/a/dotnet/2001/06/21/webforms.html
Reselecting a datagrid row after sorting it
Hello boys (and possibly ladies), nice day, right? Drew has written a nice article here: http://weblogs.asp.net/dmarsh/archive/2003/01/22/646.aspx . It's about how to reselect a datagrid row after sorting it. You may read it; it's really, really nice.
Cacheability
It can sometimes be useful to prevent some web pages from being cached by the web browser, so that when you use the browser's back button you get the latest output from the server and not a cached copy. Here are the main actions needed to perform this task. To improve performance, and because experience has proven its utility, web browsers generally keep a cache of the web pages they visit. If we need to stop that behavior, here is the way:

    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetAllowResponseInBrowserHistory(false);

You may add these lines in the Page.Load event handler to see the result immediately. The first method controls how documents are cached on a cache-capable device by setting the Cache-Control HTTP header. The second method, SetAllowResponseInBrowserHistory, indicates whether the response will be kept in the browser history. Passing the value false means the output will not be held in
Working with SUBVERSION
SUBVERSION is a nice tool. I'm planning to use it because we share project access with our partners. Unfortunately, like all Unix-world tools, you need to cope with command-line instructions to make it work. There is a great link which can help you at http://excastle.com/blog/ . Jo explains everything clearly, and here is the place to say "thank you Jo for the great job you have done". Hey, don't forget VSS: it's still a nice tool
Writing effective adapters for BizTalk Server
Introduction. Many people, both within Microsoft and in third-party companies, have written successful adapters for Microsoft® BizTalk® Server. This task can be difficult, and this paper is intended to present some of the "tricks of the trade" that these developers have learned, in the hope that these will help others avoid common problems. This document is structured as a set of issues that programmers face when writing adapters, and provides guidelines for resolving these issues. These guidelines can be read in any order, although you may find that reading the whole document first will make the individual guidelines easier to understand. Effective Writing for Adapters. Much of the complexity in writing adapters for BizTalk Server is centered on the problems of batched operations, and that is what we will look at first. Operations, Messages, Batching, and Transactions. Adapters commonly support sending messages to and receiving messa