About

I'm Mike Pope. I live in the Seattle area. I've been a technical writer and editor for over 30 years. I'm interested in software, language, music, movies, books, motorcycles, travel, and ... well, lots of stuff.

Read more ...

Blog Search


(Supports AND)

Google Ads

Feed

Subscribe to the RSS feed for this blog.

See this post for info on full versus truncated feeds.

Quote

I have known happiness, for I have done good work.

— Robert Louis Stevenson



Navigation





<November 2017>
SMTWTFS
2930311234
567891011
12131415161718
19202122232425
262728293012
3456789

Categories

  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  
  RSS  

Contact

Email me

Blog Statistics

Dates
First entry - 6/27/2003
Most recent entry - 11/17/2017

Totals
Posts - 2460
Comments - 2563
Hits - 1,999,326

Averages
Entries/day - 0.47
Comments/entry - 1.04
Hits/day - 380

Updated every 30 minutes. Last: 8:04 PM Pacific


  03:17 PM

Just a note that we just posted a whitepaper [PDF] written by the super-smart Stefan Schakow that discusses various ways in which ASP.NET 4 lets you extend security. For example, the paper describes:
  • How to specify various encryption algorithms for the <machineKey> section, including a custom class. (IOW, you can specify custom encryption for cookies, viewstate, etc.) There's now an API to manage custom encryption programmatically as well.

  • How to share forms authentication tickets between ASP.NET 2.0 and ASP.NET 4.

  • How to customize the security checks that are performed on incoming URLs. The security checks have been made pluggable so that you can use custom code for tasks like checking the length of the URL, checking for invalid or dangerous characters in the URL (for example, you can allows some characters that would be rejected by default), and matching portions of the URL to physical paths.

  • How request validation has changed for ASP.NET 4 and how to create a custom request-validation check.

  • How to use custom classes to encode HTML markup, headers, and URLs.

[categories]  

|