Wrox Programmer Forums

Showing results 1 to 9 of 9
Search: Posts Made By: blowdart
Forum: BOOK: Beginning ASP.NET Security April 17th, 2012, 01:52 PM
Replies: 1
Views: 2,637
Posted By blowdart
"The App_Data folder is configured so that any...

"The App_Data folder is configured so that any file it holds cannot be accessed via the browser"

The key here is "via the browser". You cannot, for example, load...
Forum: BOOK: Professional ASP.NET MVC 3 October 13th, 2011, 01:45 AM
Replies: 2
Views: 1,801
Posted By blowdart
So this is my fault, as I'm the owner of AntiXSS....

So this is my fault, as I'm the owner of AntiXSS. When Jon was writing that chapter we had planned to release 4.1 before the book. Unfortunately we've not managed that as yet (for various...
Forum: BOOK: Beginning ASP.NET Security February 14th, 2011, 05:12 PM
Replies: 5
Views: 2,048
Posted By blowdart
Not really - because an example would make too...

Not really - because an example would make too many assumptions about workflow within a target system (or end up needing a database to demonstrate etc.), there's no way beyond the steps to make it...
Forum: BOOK: Beginning ASP.NET Security February 14th, 2011, 04:22 PM
Replies: 5
Views: 2,048
Posted By blowdart
You'd put it before you store the data somewhere,...

You'd put it before you store the data somewhere, for example, a database. The demo scripts don't do storage, hence it's hard to put it in that example.

If you look at the step by step process...
Forum: BOOK: Beginning ASP.NET Security February 14th, 2011, 02:45 PM
Replies: 5
Views: 2,048
Posted By blowdart
Well there's code in page 130. Basically you're...

Well there's code in page 130. Basically you're computing a checksum on the data, via the GenerateMac() function and checking it with IsMacValid().

So you generate a key for validation using the...
Forum: BOOK: Beginning ASP.NET Security January 21st, 2011, 09:28 AM
Replies: 2
Views: 3,844
Posted By blowdart
I'd suggest pulling the code from...

I'd suggest pulling the code from anticsrf.codeplex.com (http://anticsrf.codeplex.com), it's a more fleshed out version of the module.
Forum: BOOK: Beginning ASP.NET Security December 28th, 2010, 01:48 PM
Replies: 1
Views: 2,722
Posted By blowdart
I'd say yes, as you're not filtering ampersands,...

I'd say yes, as you're not filtering ampersands, or \0x character literals, or a few of the other ways of trying to embed <> signs in order to run scripts.

Encoding at the point of rendering won't...
Forum: BOOK: Beginning ASP.NET Security August 5th, 2010, 02:19 AM
Replies: 3
Views: 3,227
Posted By blowdart
If you're using IIS7 it will be at the bottom of...

If you're using IIS7 it will be at the bottom of the web.config.

You might want to pick up the latest code from http://anticsrf.codeplex.com/

If you're using IIS6 then it doesn't exist/get used;...
Forum: BOOK: Beginning ASP.NET Security August 5th, 2010, 01:42 AM
Replies: 3
Views: 3,227
Posted By blowdart
Oh, yes, that would be the wrong initialization...

Oh, yes, that would be the wrong initialization string.

You'll need to use

<system.webmodules>
....
<modules>
<add name="AntiCSRF.AntiCSRF" preCondition="managedHandler"
...
All times are GMT -4. The time now is 12:20 PM.