Group items tagged

Evented I/O for V8 JavaScript

"Viewstate (ASP.NET) ASP.NET has an option to maintain your ViewState. The ViewState indicates the status of a page when submitted to the server. The status is defined through a hidden field placed on each page with a control. Viewstate can be used as a CSRF defense, as it is difficult for an attacker to forge a valid Viewstate. It is not impossible to forge a valid Viewstate since it is feasible that parameter values could be obtained or guessed by the attacker. However, if the current session ID is added to the ViewState, it then makes each Viewstate unique, and thus immune to CSRF. To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs. Add the following in the OnInit virtual method of the Page-derived class (This property must be set in the Page.Init event) protected override OnInit(EventArgs e) { base.OnInit(e); if (User.Identity.IsAuthenticated) ViewStateUserKey = Session.SessionID; } The following keys the Viewstate to an individual using a unique value of your choice. (Page.ViewStateUserKey) This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1. However, there are limitations on this mechanism. Such as, ViewState MACs are only checked on POSTback, so any other application requests not using postbacks will happily allow CSRF. "

Useful code snippet to log what is causing IIS site shutdowns. BOOM

Plugin to bind to changes in the URL hash (like for deep-linking)

Latest cool prototypes from Sitecore US lab Alex Shyba Solution Architect Sitecore Oct 19, 2011 Noon Pacific, 3:00 PM Eastern, 8:00 PM UK. Alex will be showing some of the latest Shared Source components that he has been working on. Alex Shyba has been with Sitecore for more than 6 years. His primary role is helping implementation partners in North America build successful solutions on Sitecore platform. Whenever he is not reading car magazines, Alex enjoys exploring dark corners of Sitecore by reading kernel code from Reflector and building cool prototypes. Alex maintains one of the oldest Sitecore blogs at http://sitecoreblog.alexshyba.com/ where he shares his ideas about ways to implement Sitecore and provides recommendations on various aspects of the product. You can connect with Alex on Twitter @alexshyba. Video from the presentation