Welcome to the Lounge
For lazing about and discussing anything in a software developer's life that takes your fancy.
The Lounge is rated PG. If you're about to post something you wouldn't want your kid sister to read then don't post it. No flame wars, no abusive conduct and please don't post ads.
Technical discussions are welcome, but if you need specific help please use the programming forums.

Funny thing is we already have licenses. We just need the personnel to perform the upgrades. I'm just a web monkey; they don't (usually) let me install stuff on the servers. They already have plenty of DBAs, software engineers, and license managers to avoid installs as long as possible.

Or you could use Mono and their tools or other open source alternatives, if you want to run your stack on FOSS.
Microsoft has arguably the best dev tools around, if you're willing to pay the costs. If not, you can mix and match, but you'll get out of the highway and into the country trails...
'I'm French! Why do you think I've got this outrrrrageous accent?' Monty Python and the Holy Grail

I get an email whenever there's an error on my webapps. We recently initiated a service to do Red-Siren testing; e.g., testing for any security issues.
Got an error message today.
Of most interest, and danged funny at that, is the unedited, verbatim "Error Message" from Microsoft's lovely .NET Framework ... (emphasis added)
URL: https : / / www.RedactedWebSite.com /SomeWebApp/ThatLoginPage.aspx?ReturnUrl=%2fSomeWebApp%2fDefault.aspx%3faction%3dppr&action=ppr%3CScript%20%3Ealert(%22HelloSIG%22)%3C/Script%3E
Error Date: [redacted]
Error Message: A potentially dangerous Request.QueryString value was detected from the client (action="ppr<Script >alert("Hell..."
Albeit a little late (going on 7+ years of .NET programming...), thanks for the warning Microsoft!

It's not .NET's fault; it's actually an XSS attack that the tool is testing for. What the tool is saying is that you should validate the input before that URL has a chance to be generated. You can cause a lot of problems for your users if you have XSS vulnerabilities; it's what virus writers use to spread the virus over the internet.
You should raise this as a serious bug with the original developers.
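
Added example, not part of the thread or any poster's code: a triage script for the error report quoted above that decodes each query-string parameter, reports which one carried markup, and shows the value after HTML output encoding. The URL is reassembled from the redacted one in the post, and the `MARKUP_LIKE` pattern and the `triage` helper are assumptions that only approximate what request validation rejects.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed from the redacted URL quoted in the thread (spaces removed).
REPORTED_URL = (
    "https://www.RedactedWebSite.com/SomeWebApp/ThatLoginPage.aspx"
    "?ReturnUrl=%2fSomeWebApp%2fDefault.aspx%3faction%3dppr"
    "&action=ppr%3CScript%20%3Ealert(%22HelloSIG%22)%3C/Script%3E"
)

# Assumption: a simplified approximation of what request validation rejects,
# i.e. "<" followed by a letter, "!", "/" or "?", or the sequence "&#".
MARKUP_LIKE = re.compile(r"<[A-Za-z!/?]|&#")


def triage(url):
    """Return one finding per query parameter whose decoded value looks like markup."""
    findings = []
    # parse_qsl percent-decodes names and values, so the check runs on the
    # same text the application would see.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        match = MARKUP_LIKE.search(value)
        if match:
            findings.append({
                "parameter": name,
                "decoded": value,
                "offset": match.start(),
                # What the value becomes if the page HTML-encodes it on output.
                "encoded": html.escape(value, quote=True),
            })
    return findings


if __name__ == "__main__":
    for f in triage(REPORTED_URL):
        print(f"{f['parameter']}: markup at offset {f['offset']}")
        print(f"  decoded: {f['decoded']}")
        print(f"  encoded: {f['encoded']}")
```

Only the top-level `action` parameter is flagged; the `action` nested inside `ReturnUrl` decodes to plain `ppr`.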

Ziggy - if the guy can't even distinguish whether this is a .NET problem or a scripting problem - it's unlikely he/she can/will be able to protect his/her apps/enterprise he/she is working for.
dev

Agreed. However, teaching people what that error message actually means, and what he needs to do to avoid those errors, benefits all of us.
XSS is possible in this site as well (example is this), so it's not a common problem that every developer knows about.

Reminds me of the olden days; they used to say "COM is Love"
dev

lol sorry dude my mistake!
dev

Also, they actually call this type of testing Pen[etration] testing; never heard of Red-Siren testing.