Posts

Session Hijacking Prevention

Is it possible to steal a cookie and authenticate as an administrator? Yes, it is possible: if the Forms Auth cookie is not encrypted, someone could tamper with our cookie to give themselves elevated privileges, or, if SSL is not required, copy some other person's cookie. Encrypting the session value will have zero effect. The session cookie is already an arbitrary value; encrypting it will just generate another arbitrary value that can be sniffed.

However, there are steps we can take to mitigate these risks. On the system.web/authentication/forms element:

requireSSL=true. This requires that the cookie only be transmitted over SSL.
slidingExpiration=false. When true, an expired ticket can be reactivated.
cookieless=false. Do not use cookieless sessions in an environment where you are trying to enforce security.
enableCrossAppRedirects=false. When false, processing of cookies across apps is not allowed.
protection=all. Encrypts and ha

Generic Methods

Generics in C#

Generic in C# means common to or applicable to an entire class. Most developers think generics exist only to define type-safe data structures without committing to actual data types, but is that the only thing generics are for? The answer is a big NO. In this article we will focus on what else generics can achieve in our daily programming. We will see how to use generics to avoid method overloading. The program below uses method overloading to display the contents of int, double and char arrays.

using System;

class OverloadedMethods
{
    static void Main(string[] args)
    {
        // create arrays of int, double and char
        int[] intArray = { 1, 2, 3, 4, 5, 6 };
        double[] doubleArray = { 1.1, 2.2, 3.3, 4.4, 5.5, 6.6, 7.7 };
        char[] charArray = { 'H', 'E', 'L', 'L', 'O' };

        Console.WriteLine("Array intArray contains:");
        DisplayArray(intArray); // pass an int array argumen

Microsoft Web Farm Framework: Microsoft Web Farm Framework

Microsoft Web Farm Framework

Microsoft Web Farm Framework for IIS7 enables administrators to provision, scale and manage their web infrastructure.

Microsoft has released Web Farm Framework Beta, which enables us to easily provision and manage a farm of web servers. It lets us automate the installation and configuration of platform components across the server farm, and automatically synchronize and deploy ASP.NET applications across them. It also supports integration with load balancers and lets us automate updates across our servers so that our site or application is never down or unavailable to customers.

Web Farm Framework can be used to:

Provision web platform and content
Scale web infrastructure and resources using ARR and 3rd party load balancers
Manage multiple servers or a farm using a unified interface

Using Web Farm Framework to Provision and Scale a Web Farm

The Microsoft Web Farm Framework enables you to easily define a “Server Farm” that you can a

UML: UML Intro UML stands for Unified Modeling Languag...

UML INTRO

UML stands for Unified Modeling Language. UML is a graphical language for visualizing, specifying, constructing and documenting the artifacts of a software system. It is a standard language for designing and documenting a system in an object-oriented manner. UML provides a blueprint for business processes, system functioning, programming language statements, database schemas and reusable components. UML is used in all phases of software development, from requirement specification to acceptance testing and from designing a solution to deploying and packaging it. Modeling has been around for years, not only in the software field but also in other fields such as civil and mechanical engineering, where we get a model ready and approved before starting production. Modeling breaks a complex system up into simple, discrete pieces that can be individually understood. If we ask ourselves whether we have been doing or following modeling, most of us would say NO. But all of us do modeling, the flow