By tag: hacking
0
kicks
MVC Routing Security Hole
Stephen Walther's latest MVC tip introduced me to the MVC framework's ability to pass server variables into actions as parameters. Unfortunately using this feature is a very bad idea and could jeopardize the security of your application. Take a look at a code sample you might find surprising.
0
kicks
Hands-on SQL Injection
Explains SQL Injections, lets you perform a SQL injection against a live database, and explains how to mitigate the problem. If you are trying to get someone to write injection-proof code, I hope this will motivate them :)