Channel: Everyday I'm coding » security
Browsing latest articles
Browse All 10 View Live

Why is using the JavaScript eval function a bad idea?

The eval function is a powerful and easy way to dynamically generate code, so what are the caveats? Solution: Improper use of eval opens up your code for injection attacks Debugging can be more...




Will web browsers cache content over https

Will content requested over https still be cached by web browsers or do they consider this insecure behaviour? If this is the case is there any way to tell them it’s ok to cache? Solution: By default...


How do Google+ +1 widgets break out of their iframe?

Somehow, hovering over a Google+ plus-one widget can introduce a tooltip-type deal that is clearly larger than the <iframe> element in which it is contained. I’ve inspected the DOM to confirm...


RNGCryptoServiceProvider – generate number in a range faster and retain...

First I’m on a phone so please forgive poor formatting! I’ve done a lot of searching now and found no definitive answer to this. If there isn’t one, fair enough, but I’m sure somebody smarter than I...


How does this giant regex work?

I recently found the code below in one of my directories, in a file called doc.php. The file functions or links to a file manager. It’s quite nicely done. Basically, it lists all the files in the...



.NET obfuscation tools/strategy [closed]

My product has several components: ASP.NET, Windows Forms App and Windows Service. 95% or so of the code is written in VB.NET. For Intellectual Property reasons, I need to obfuscate the code, and until...


Where do you store your salt strings?

I’ve always used a proper per-entry salt string when hashing passwords for database storage. For my needs, storing the salt in the DB next to the hashed password has always worked fine. However, some...


What’s with those Do-Not-Use JavaScript People? [closed]

I really don’t understand what the problem is with those people who ask you not to use JavaScript on your site. I went through all sorts of trouble trying to remove a couple of JavaScript scripts I...



Why do people put code like “throw 1; ” and “for(;;);” in front of json...

Possible Duplicate: Why have “while(1);” in XmlHttpRequest response? Why does Google prepend while(1); to their JSON responses? Google returns json like this: throw 1; <dont be evil> { foo:...



What are the most common security mistakes programmers make? [closed]

There are the obvious wtfs that make the headlines such as SQL injection, authentication in JavaScript but are there other more fundamental and common errors programmers tend to make when writing...
