PlaceHolder/Panel Visibility, ViewState on Security and Performance

It is not unusual to see a solution where use of asp:Placeholder and asp:Panel Visibility is employed to show/hide certain details from the user. When implementing a simple Authorization/Permission features[more], it would also be tempting to use such approach. (mentioned simple since there are likely more complicated but better ways to do it) Of course ...

BlogEngine.NET version 1.3.0.0 critical security patch

A security flaw was identified for BlogEngine.NET version 1.3.0.0 and the team was quick enough to announce and release a patch. Check the following link for details: Critical Security Patch Available [more] It is unfortunate that the issue could not have been handled more discretely.  If you are blogger writing about the issue, we'd hope ...

Encrypting configuration information in .NET (web/windows)

There are a number of articles on encrypting configuration information for ASP.NET (eg. an article by Scott Michelle (an authority in security)) using aspnet_regiis (pe or pef switches) or in code using DPAPI. Although almost same principles apply, not much I believe is written for windows so since Job Galloway wrote a post recently on ...

Link: Security Development Lifecycle (SDL) Guidance Download

For those not subscribed to Microsoft Security Bulletin, you might be interested to know that Microsoft just released their SDL Guidance (as of 4/9/2008 according to the download detail) Security Development Lifecycle (SDL) Guidance Download Link [more] Overview As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft is making the details ...

Minimum Permission Required for Assembly

A jumpstart on security your applications by determining and applying only the minimum required permissions. [more] I ran into this thread on Resetting your web application or web site without recycling app pool or IIS. just recently. The basic idea of the first option for achieving its goal is to call "HttpRuntime.UnloadAppDomain();". Interestingly there's a ...

ZoneAlarm and localhost

Regardless of privacy settings, ZoneAlarm will always rejects cookies when using localhost. Something that is not very developer friendly. The work-around is to use 127.0.0.1 instead. If you are using Visual Studio, you can set whether to use IIS and have the starting url to use 127.0.0.1. At least that how it works for ASP.NET ...