Browse Blog Posts by Tags
-
Thanks to those of you who attended my talks last week in London. The ASP.NET Attack and Defence talk covered SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). The first two have downloadable demos and labs as part of my input validation module series. I don’t yet have...
-
Eric is one of our newest instructors, and he’s got a new blog on our website. Here’s what he’s got to say about himself: “Eric Burke is a member of the technical staff at Pluralsight, where he focuses on WPF and Silverlight. Eric is also a Principal Technical Yahoo! at Yahoo!, Inc., where he is a...
-
I've been thinking a lot lately about password management. I'm not talking about how a user manages the myriad of passwords she's stuck with, but rather how a system (e.g., a website) should go about accepting, storing, and protecting the password she chooses to use with that system. Face...
-
I've been getting a bit behind on my blog reading. So the other day, I took it upon myself to read some older posts on some of my favorite blogs. And a couple of items resonated with me enough that I decided to take some action. This recent item from Scott Hanselman led me to his outline of favorite...
-
From Coding Horror, originally from CWE/SANS, this is a list that every developer should review from time to time. If you work on software in any capacity, at least skim this list. I encourage you to click through for greater detail on anything you're not familiar with, or that piques your interest...
-
I just fired up my first WPF project since I installed VS 2008, and intellisense wasn't working in my XAML files. Like many other graybeards, I prefer to edit XAML files in the XML editor, rather than the designer. But I can't live without intellisense! If yours is broken, the trick to fix it...
-
I recently published Self-Cert, a tool that makes it really easy to generate self-signed certificates using the CryptoAPI. What's nice about it is that it has a .NET class library underneath it that makes it easy to do this programmatically from managed code as well. The code is currently using...
-
Mike Woodring sent me an email today. He was concerned that a website that he frequents wasn't doing such a good job storing passwords. He pointed out that by clicking a button, you could get your password emailed back to you. After talking with someone at the website, he discovered that at least...
-
IIS is currently rejecting self-signed certs made with the Self-Cert tool. Actually, you can install the cert into IIS, but when a client connects, IIS will refuse to set up the SSL tunnel. So far I believe the problem is that my certs aren't getting an Authority Key Identifier extension, (CertCreateSelfSignCertificate...
-
It's a bit of a pain to create self-signed certs using MAKECERT. So here's a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates. And it's factored so that you can use the underlying library standalone - you can easily create...
-
Today I spent some time exploring WLID's new SDK that allows you to support WLID authentication in a website of your own. I got it working pretty quickly in a test website, and it works quite nicely. So now I'm a bit curious. There's a section in the Introduction to Windows Live ID that talks...
-
As I've been fleshing out the reporting infrastructure for Pluralsight On-Demand! I've been finding Linq incredibly useful. And what's great is that I've been able to round out my knowledge by watching a few modules of Scott Allen's most excellent online Linq class. I've found...
-
Over the last couple of years, I've worked on websites that support both HTTP and HTTPS, and it's always tricky to find a balance between security and usability. Dominick wrote an excellent article about this a while back, suggesting that allowing ASP.NET to make the choice between HTTP and HTTPS...
-
The other day I was working on a website that uses ASP.NET health monitoring to log unhandled exceptions. This system sends email to the devs when exceptions occur so that they can track down the problem. Their website is constantly getting better as they strive to reduce those emails. This works great...
-
For those who didn't attend PDC, the Zermatt identity framework has been re-code-named Geneva Framework so that it fits in with the Geneva family of products: Geneva Framework: a .NET class library called Microsoft.IdentityModel (basically it's an updated Zermatt) Geneva Server: This is essentially...