Articles : Page 1 of 2
-
6 Ways To Avoid Mass Assignment in ASP.NET MVC
Mar 1212 One of the scenarios that I always demonstrate during an ASP.NET MVC class is how to create a mass assignment vulnerability and then execute an over-posting attack. It is a mass assignment vulnerability that led to a severe problem on github last week. Let's say you have the following model. public class User { public string FirstName { get; set; } public bool IsAdmin { get; set; } } When you want to let a regular user change their first name, you give them the following form. @usin...
-
What Is The Spirit of Open Source?
Feb 1222 In my last post, I attempted to make a distinction between Open Source and Open Source Software. Some folks took issue with the post and that’s great! I love a healthy debate. It’s an opportunity to learn. One minor request though. If you disagree with me, I do humbly ask that you read the whole post first before you go and rip me a new one. It was interesting to me that critics fell into two opposing camps. There were those who felt that it was disingenuous for me to use the term “open ...
-
Open Source and Open Source Software Are Not The Same Things
Feb 1216 It all started with an innocent tweet asking whether ASP.NET MVC 3 is “open source” or not? I jumped in with my usual answer, “of course it is!” The source code is released under the Ms-PL, a license recognized that the OSI legally reviewed to ensure it meets the Open Source Definition (OSD). The Free Software Foundation (FSF) recognizes it as a “free software license”1 making it not only OSS, but FOSS (Free and open source software) by that definition. Afterwards, a healthy debate ensued on...
-
Abstracting away issues of HttpContext from your ASP.NET MVC controllers
Feb 1203 I've noticed that I write software in one of three modes: For myself: Shortcuts, less testing, not well-factored. For myself but in public: Mostly POP Forums, which I try to avoid letting it suck since others will use it and see the code. For sharing: Any day job or gig where others will use or maintain your code. You don't want to unleash crapsauce on others. I have to admit that second case isn't the most clean of endeavors. While I'm generally happy with the forum app and the feedba...
-
NuGet Package of the Week #9 - ASP.NET MiniProfiler from StackExchange rocks your world
Jul 1122 I LOVE great debugging tools. Anything that makes it easier for me to make a site correct and fast is glorious. I've talked about Glimpse, an excellent firebug-like debugger for ASP.NET MVC, and I've talked about ELMAH, an amazing logger and error handler. Now the triad is complete with MiniProfiler, my Package of the Week #9. Yes, #9. I'm counting System.Web.Providers as #8, so phooey. ;) Hey, have you implemented the NuGet Action Plan? Get on it, it'll take only 5 minutes: NuGet Action...
-
A first look at Windows Azure AppFabric Applications
Jul 1107 After the Windows Azure AppFabric team announced the availability of Windows Azure AppFabric Applications (preview), I signed up for early access immediately and got in. After installing the tools and creating a namespace through the portal, I decided to give it a try to see what it’s all about. Note that Neil Mackenzie also has an extensive post on “WAAFapps” which I recommend you to read as well. So what is this Windows Azure AppFabric Applications thing? Before answering that question, le...
-
A Simple Example That's Incredibly Complex
Jun 1130 I was reading through my RSS feeds and email, just having returned from Paris and I was asked to take a look at a project from Microsoft Spain up on Codeplex. In reading the summary, it looks to be a sample application utilizing some high-end tricks from DDD (emphasis mine): This project is a sample implementation of most used patterns in Domain Oriented Architectures based on simple scenarios easy to understand (Customers, Orders, Bank Transfers, etc.). It is an Educational example, not a r...
-
ASP.NET MVC and the Managed Extensibility Framework on NuGet
Feb 1101 If you search on my blog, there's a bunch of posts where I talk about ASP.NET MVC and MEF. And what's cool: these posts are the ones that are actually being read quite often. I'm not sure about which bloggers actually update their posts like if it was software, but I don't. Old posts are outdated, that's the convention when coming to my blog. However I recently received a ton of questions if I could do something with ASP.NET MVC 3 and MEF. I did, and I took things seriously. I'm not sure if you kno...
-
Tools for the lazy: Templify and NuGet
Jan 1107 In this blog post, I will cover two interesting tools that, when combined, can bring great value and speed at the beginning of any new software project that has to meet standards that are to be re-used for every project. The tools? Templify and NuGet. You know the drill. Starting off with a new project usually consists of boring, repetitive tasks, often enforced by (good!) practices defined by the company you work for (or by yourself for that company). To give you an example of a project I've...

