The Morning Brew #689
Posted by Chris Alcock on Monday 20th September 2010 at 07:23 am | Tagged as: .NET, Development, Morning Brew
IMPORTANT: ASP.NET Security Vulnerability
If you run ASP.NET websites, you need to pay attention to the contents of this section:
- Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure – The official Microsoft Advisory about the publicly reported ASP.NET encryption attack which can result in private data disclosure. At the time of writing there is no fix available, so the recommendation is to implement the workaround involving the use of custom error pages.
- Important: ASP.NET Security Vulnerability – Scott Guthrie discusses the issues surrounding the vulnerability, the workaround, and also highlights forums for raising questions about this specific issue.
- Fear, uncertainty and and the padding oracle exploit in ASP.NET – Troy Hunt looks into the exploit which enables this vulnerability, discussing what is meant by an ‘Oracle Attack’ (nothing to do with Oracle Databases), shares the video showing what can be achieved by an attacker using this exploit against .NET Nuke and discusses the workaround
- ASP.NET Custom Errors Security Flaw – Steve Smith takes a look at the steps to protect yourself using the official workaround.
Software
- Pex and Moles v0.94: MSBuild support for Moles – Jonathan "Peli" de Halleux announces the latest release of the Pex and Moles project which brings with it support for the inclusion of support for Moles in MSBuild, removing the requirement to check in generated code allowing the tooling to run well under TFS.
- jQuery UI on the Microsoft CDN – Stephen Walther highlights the inclusion of jQuery UI 1.8.5 on the Microsoft Ajax Content Delivery Network, a free to use CDN for a variety of JavaScript libraries, offering you a way to increase the performance of your sites by including common resources from the public CDN
- Windows Phone Training Kit has been updated – Alex Yakhnin highlights the release of an updated version of the Windows Phone 7 Training Kit, updated to reflect the changes in the RTM version of the developer tooling.
Information
- Best Practices for ASP.NET MVC – The ASP.NET and Web Tools Developer Content Team share a collection of ASP.NET MVC best practices based on a document from Ben Grover. This post covers best practices for Models, Views, Controllers, Routing, Extensibility, Testability, Localisation and Globalisation, Security and Performance.
- Published Software Design Patterns For Everyone Ebook – Anoop Madhusudanan releases an collection of a number of his blog posts on Patterns as a 30 page e-book. The e-book looks at the creation of a ‘Soccer Engine’ and looks at how patterns can be applied to a variety of development problems .
- Code rant: Implementing a "Money" type in an ASP.NET MVC and NHibernate application. – Mike Hadlow re-visits the Money example from Kent Beck’s Test Driven Development book, exploring its implementation in an ASP.NET MVC application with an NHibernate data access backend
- Inversion of control (IOC containers) .NET IOC patterns – Viacheslav Agafonov explores the concepts of Inversion of Control, discussing the variety of implementation of Inversion of Control Containers discussing their performance, looks at the importance of their use in providing good testability, and exploring a simple implementation of an IoC container
- Dependency injection options for Windows Workflow 4 – Rory Primrose discusses two options for bringing Dependency Injection to the world of Windows Workflow
- Non-iterable collection initializers – Jon Skeet discusses some limitations of Collection Initializers which can force you to partially implement the IEnumberable Interface, and proposes a couple of better alternatives which could be implemented in the language (or possibly as AOP).
- Writing Windows Shell Extension with .NET Framework 4 (C#, VB.NET) – Part 1 – All-In-One Code Framework Team take a look at creating a Windows Shell Extension using managed code, and explore a simple sample which adds an extension to the context menu.
- Silverlight, Out-Of-Browser and Multiple Windows – Mike Taulty explores the possibility for multiple windows in a Silverlight Application, looking at communication between multiple instances of an application to simulate MDI, and looks at the further complications of Out of Browser support.
- Windows Phone 7 Developer Tips and Tricks – Tim Heuer shares a collection of tips and tricks tweeted by Jeff Wilcox on the subject of Silverlight Development on the Windows 7 Phone
- Cloud + Device: Combine the power of Windows Azure, IE 9, and Windows Phone 7 – Part 1 , Part 2 & Part 3 – The Windows Azure Technical Forum Support Team discuss the importance of the Internet Explorer 9 and Windows Phone 7 releases last week to the vision for Azure, and how they support the principle ‘The cloud wants smarter devices’
- Refactoring Step-Wise vs Wrapping and Delegating – John Sonmez takes a look at two processes for refactoring code to remove static method dependencies, discussing which is the better technique
Comments Off on The Morning Brew #689