Posts tagged security

There are 3 posts for the tag security

Updated Anti-XSRF Validation for ASP.NET MVC 4 RC

In our project, we’ve been using Phil Haack’s method for preventing cross-site request forgeries for JSON posts by inserting the request verification token as a header in the request, and then using a custom ValidateJsonAntiForgeryToken attribute to validate it. And it’s been working just fine. However, with the recent release of ASP.NET MVC 4 RC, it didn’t work anymore. To my initial dismay, it didn’t even compile anymore. Turns out that the method, AntiForg...

Posted by johan on June 05, 2012

Pass phrase generator in Swedish

Some time ago, the XKCD comic had a strip (below) about why pass phrases make a hell of a lot better passwords than the standard passwords that many systems force us to use. I really liked the idea, and tried to use phrases instead. As it turns out though, it’s pretty hard to come up with random phrases on your own. They are not particularly random. Luckily, Jeff Preshing felt the same, and created passphra.se, where you can generate random pass phrases in English, Spanish or French. So I’ve be...

Posted by johan on February 19, 2012

Security flaw in EPiServer plugins?

This post was originally published on http://labs.dropit.se/blogs. A colleague of mine - let's call him Erik Nilsson, since that is his name - recently came across a potential security problem when creating your own edit and admin plugin for EPiServer. Unfortunately, he's too shy to write a post about it, so I'll relay the information. If you create a plugin like this: [EPiServer.PlugIn.GuiPlugIn( Area = EPiServer.PlugIn.PlugInArea.AdminMenu, DisplayName = "Plugin name.", Description = "...

Posted by johan on April 29, 2009