V8 JavaScript Engine - 0 views
James Jardine : Developer Notes - 0 views
-
"Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, ie. Viewstate, EventValidation, EventCommand, EventArguments, etc.. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."
Google Geo Developers Blog: June 2009 - 0 views
MarkerCluster for v3 Documentation: Examples - 0 views
Batch Geocode - 0 views
minify - 0 views
Multiple Gmail Inboxes - 0 views
Recreating the button - 0 views
xLazyLoader - 0 views
ICA Home | Our Building - 0 views
WWW SQL Designer - 0 views
flot - 0 views
Formy - CSS Framework - 1 views
Google Maps API Tutorial - 0 views
YouTube - GoogleAdManager's Channel - 1 views
YouTube .NET/C# API Reference - 2 views
« First
‹ Previous
81 - 100 of 114
Next ›
Showing 20▼ items per page