SecurityRatty: Security Briefs

Null Strings in ASP.NET Declarative DataSource Updates

2008-08-29 15:42:47 by keith-brown in Security Briefs

I just spent about 15 minutes debugging a problem where a document was getting unexpected nulls where empty strings should have been. Indeed controls like the TextBox have code in them that allows you to set the Text property to null and the TextBox will convert that into an empty string. So it's a bit counterintuitive that the declarative data...

Tags: strings, declarative data source, empty strings, null, empty, xml schema designs, textbox, text property, nulls

Serializable XmlDocument

2008-08-19 02:58:00 by keith-brown in Security Briefs

It's surprising that XmlDocument isn't marked [Serializable], because it's very natural to serialize one into a stream. I wanted to put an object into ASP.NET ViewState the other day, and quickly ran into this roadblock, because part of the object included an XmlDocument, which is not serializable. A quick search revealed that most people deal...

Tags: public class item, public, public void getobjectdata, public static byte, xmldocument, return doc, return, static byte, public class

Two-way formatted data binding in ASP.NET

2008-08-15 20:22:37 by keith-brown in Security Briefs

Two way data binding in ASP.NET is easy, just use the Bind expression and data will flow between your web controls and your data source flawlessly. Until that is, you try to use a format string Bind("AmountCharged", "{0:C While this displays just as you'd expect (e.g., $200), it doesn't do so well when you submit an edit that includes the same...

Tags: data, data amountpaid, amountpaid, data-bound control, decimal amountpaid, return decimal, return, data source flawlessly, decimal

Where to get Password Minder

2008-08-05 17:00:00 by keith-brown in Security Briefs

We recently updated our website and some links have broken as a result. Here's the place you should go to get the latest version of Password Minder http://mercury.pluralsight.com/tools.aspx Sorry for any inconvenience

Tags: password minder, website, recently, version, pluralsight, inconvenience, aspx, mercury, links

Better exception reporting in ASP.NET part 2

2008-08-04 14:11:14 by keith-brown in Security Briefs

...Information .ApplicationVirtualPath)); formatter.Indent(); EmitExceptionAtAGlance(formatter, errorEvent.ErrorException); formatter.RevertIndent(); formatter.AppendLine(); formatter.AppendLine( "Exception stack trace(s):" ); EmitExceptionStackTrace(formatter, errorEvent.ErrorException); formatter.AppendLine(); formatter.AppendLine( "Event...

Tags: return, return subjectbuilder, return formatter, exception, formatter, crazy formatter, static void, static void emitprocessinfo, return null

Twisted Coronas

2008-08-02 17:33:51 by keith-brown in Security Briefs

Okay it's Saturday, so let me share something completely nontechnical and fun What you need to make these cocktails: Six pack of Corona Extra Bottle of Bacardi Limon Lime Coctail stirrer (a chopstick works fine Pop a slice of lime into a Corona and hand to a friend. Have them drink the neck, then refill with Bacardi Limon (putting the lime in...

Tags: limon, bacardi limon, drink, tasty drink, lime, corona extra, corona, blue moon, favorite beers

Comments

2008-08-01 21:38:00 by keith-brown in Security Briefs

We recently switched our blog engine out, and I'm still getting the hang of the new system. Looks like due to a misconfiguration, several comments have been waiting for moderation for days or weeks. If yours was one of them, please accept my apology - I didn't have email notifications turned on, so I wasn't being notified that comments were...

Tags: comments, email notifications, blog engine, due, recently, accept, system, fixed, confusion

Better exception reporting in ASP.NET

2008-08-01 20:30:05 by keith-brown in Security Briefs

In my last post , I commented on how ASP.NET health monitoring doesn't output stack traces for inner exceptions, which can be problematic due to its heavy reliance on reflection. I spent the morning doing some further spelunking with reflector , and my first solution was to implement a custom WebEvent that overrides ToString() to format itself...

Tags: error event, event, provider, default event, email provider calls, event log provider, provider include, custom email provider, output stack traces

ASP.NET Health Monitoring doesn't log inner exception stack trace

2008-08-01 16:21:00 by keith-brown in Security Briefs

This can be a problem, especially when an ObjectDataSource starts throwing exceptions. The stack trace looks the same because of the way the methods are invoked (via reflection) - you end up with a stack trace for a TargetInvocationException, which basically says, "I used reflection to invoke some method, and it threw an exception. See the inner...

Tags: exception stack trace, exception, stack trace, net, net web event, asp, exceptions, solution, cleaner solution

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo