Articles
-
6 Ways To Avoid Mass Assignment in ASP.NET MVC
Mar 1212 One of the scenarios that I always demonstrate during an ASP.NET MVC class is how to create a mass assignment vulnerability and then execute an over-posting attack. It is a mass assignment vulnerability that led to a severe problem on GitHub last week. Let's say you have the following model. public class User { public string FirstName { get; set; } public bool IsAdmin { get; set; } } When you want to let a regular user change their first name, you give them the following form. @usin...
-
What Is The Spirit of Open Source?
Feb 1222 In my last post, I attempted to make a distinction between Open Source and Open Source Software. Some folks took issue with the post and that’s great! I love a healthy debate. It’s an opportunity to learn. One minor request though. If you disagree with me, I do humbly ask that you read the whole post first before you go and rip me a new one. It was interesting to me that critics fell into two opposing camps. There were those who felt that it was disingenuous for me to use the term “open ...
-
A Really Empty ASP.NET MVC 3 Project Template
Jan 1211 In the ASP.NET MVC 3 Uservoice site, one of the most voted up items is a suggestion to include an empty project template. No, a really empty project template. You see, ASP.NET MVC 3 includes an “empty” project template, but it’s not empty enough for many people. So in this post, I’ll give you a much emptier one. It’s not completely empty. If you really wanted it completely empty, just choose the ASP.NET Empty Web Application template. The Results I’ll show you the results first, and then t...
-
OSS and .NET Year In Review 2011
Dec 1126 ’Tis the season for “Year in Review” and “Best of” blog posts. It’s a vain practice, to be sure. This is exactly why I’ve done it almost every year! After all, isn’t all blogging pure vanity? Sadly, I did miss a few years when my vanity could not overcome my laziness. This year I am changing it up a bit to look at the intersection of open source software and the .NET community in 2011. I think it’s been a banner year for OSS and .NET/Microsoft, and I think it’s only going to get better in 20...

