Group items tagged

"Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, ie. Viewstate, EventValidation, EventCommand, EventArguments, etc.. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."

WeBlog is a blog module for Sitecore 6.2+. It is the successor to the EviBlog module. Features Windows Live Writer integration (MetaWeblog API) Page Editor support and custom WebEdit ribbon Wordpress Import CSS-based themes, with custom themes possible (one included) Various blog navigation components Comments (with author notification and optional approval workflow) Comment CAPTCHA through MSCaptcha or reCAPTCHA Gravatar Support Social sharing through ShareThis or AddThis, and other Facebook and Twitter widgets Tagging and tagcloud RSS Feeds (Sitecore Integrated RSS) Multi-server (staged architecture) support Globalized labels and messaging (English, Danish, Dutch, and Japanese translations provided) Most importantly, WeBlog has been architected to allow you to easily integrate it into your existing content and design, and to allow you to customize its templates and layout to your project requirements.

"Restore or repair the database"

Loaded our internal dev site and received the titled error. Apparently this happens sometimes when running DotNet 3.0 or 3.5 WCF features on a DotNet 4.0 framework.

Take an app offline very easily

"Load Testing a Virtual Web Application"