ASP

Amazon makes efficiency a web developer’s friend {2}

by Ermie C
This article is exactly what it says because Amazon has given resources for web developers that make it easier for them to create their web applications for their Amazon account.  It’s called Amazon Web Services or AWS, and it allows Javascript, jQuery, ASP.NET, PHP, and Java.  The platform is called Elastic Beanstalk and uses the Windows Server 2008 R2 AMI(Amazon Machine Image).  They mention, “Elastic Beanstalk then automatically takes care of deployment details such as capacity provisioning, load balancing, auto-scaling and application health monitoring, according to the company.”  This means that everything will be taken care of, as their applications are uploaded into the Amazon cloud. read more...

How Data Binding Works {2}

by Michael M
Data binding is the process that retrieves data from a given data source and associates it to attributes of the User Interface elements. Data binding gets data from the middle tier of an application and displays it in a nice looking html format. When you use data binding expressions with ASP.Net controls, behaviors are attached to the controls life cycle through the Data Binding event handlers. As developers of our web pages we have the power the trigger data binding events for individual controls or if we want to we can make it trigger all controls within the page. If you want to call for data binding you would use, <%# … %> and the data binding expression will update themselves if you do not want to call data bind, you can create a new page class that overrides the on load method. Data binding expressions can only be used with ASP.Net control markup and require you to call to the Data bind method. read more...

How Secure is the Information when Passing Between ASP and ASP.NET? {6}

by Jamal A
The article I read talks about how user can transfer information between systems using ASP.NET in multiple ways; however, many are complicated, or insecure. For example, many data transfer methods pass information in plain text, which makes the data vulnerable to both interceptions. However, some methods were introduced in this article that interact with data used in both ASP and ASP.NET applications. According to the author, developer can achieve this by using the same methods of encrypting and data-packaging in ASP.NET as in classic ASP in other words, by calling .NET code via COM from classic ASP pages. The article further explained, how ASP and ASP.NET data sharing works. According to the article, there are two most common ways to transfer data in an ASP/ASP.NET. The first is a system in which servers transfer data based on a key provided by clients. This unique key identifier allows the two servers to contact each other directly and exchange the necessary information. However, the way second method was explained in this article was slightly difficult to comprehend. It says that instead of passing a unique token through the client, the data itself will be encrypted and transferred via the client to its destination server. Which was slightly unclear for me to fully understand how? However, the article explained that DataManager. DLL is the central part of this type of application that manages the setting and encryption of key value pairs. The article further explained that the Inside of the DataManager.dll file, the Encryption class contains all the methods needed to encrypt data that will be transferred via the client. read more...

Patches: >.< {1}

by Caezar M

Summary:

In the classic story that we CANNOT do anything right the first time it was announced that a patch for ASP.NET actually doesn’t help security that much at all. Microsoft released a patch that was supposed to resolve security issues for  ASP.NET and right after a hacker published a vulnerability on how to create havoc within those servers causing massive Denial of Service (DoS). now when we normally think of DoS we think that someone using massive ammounts of infected computers to simultaniously request information from one source causing the server to crash. well….this is not as cool but infinitely more effective. so basically this patch allows for a HTTP request of ~100kb to consume 100% ….wait can i modify text in here?….. read more...

HTTPS under Attack {Comments Off on HTTPS under Attack}

by Boshi W
HTTPS might not be as secure as it claims to be according to a news article by informationweek early September. Apparently, attackers can abuse a exploit in SSL/TLS implentation and issued false credentials for many popular sites like Gmail and Windows update. Luckily, these exploits were built by security reseachers to illustrate the safety of the browsers. “Juliano Rizzo and Thai Duong have built a tool that’s capable of decrypting and obtaining the autehtication toekns and cookeies used in many websites HTTPS requests”, Schwarts informed, “and many sites relying on SSL/TLS for security can be easily infiltrated and bypassed.” Even the top secure Paypal authentication cookies can be decoded, leading to decrypted account infos and access privilege. read more...

Choosing ASP.NET MVC {Comments Off on Choosing ASP.NET MVC}

by Omar N.

In the article titled “Which ASP.NET is Better?”, the older ASP.NET Web Form is compared to the newer ASP.NET MVC framework. Although the new framework offers many modern advantages, the author advocates that moving to ASP.NET MVC may not be worth it for web developers because, at the core level, the two are nearly identical. The newer ASP.NET also advertises itself as making it easier to produce cleaner code through its debugging process. This is accomplished by having the ability to isolate certain parts of the code and making it more noticeable where an error may exist. The author argues that the chance of writing bad code is nearly the same between the two, but MVC just makes it easier to diagnose. read more...