Browsing Posts in Security

If you’ve developed any moderately complex web application, you’ve probably implemented some form of role-based security. For instance, only administrators can access the /Admin directory. Only ContentCreators can update web page content. Only RegisteredUsers can access the site. ASP.NET makes all of this relatively easy through the <authorization> section of the web.config file(s), programmatic security, […]

Fellow plumber, Bil Simser, asks the question how the heck does someone debug SharePoint as a non-admin. Elementary, my dear Simser, elementary… The fundamental problem that Bil is experiencing occurs with SharePoint, ASP.NET, or any app that runs under a different security context than your own. A normal user can only debug applications running under […]

We’ve just released Episode 3: Powered by Infinite Improbability Drive. So that we can get you, our loyal listeners, the episodes more quickly, we’ll be hosting on both MSDN Canada Community Radio as well as on the Plumbers @ Work site. You can find the show notes here, photos here, and podcast here. It will be […]

Michael Howard, co-author of Writing Secure Code*, has an excellent blog post on how static code analysis tools are only one weapon in your arsenal when writing secure code. I would highly recommend reading it. A quick summary… Unless you understand the threats, know how to architect secure applications, know how to write secure code, know how to test […]

As usual, I’ve been reading voraciously about all things .NET and here’s a selection of articles and blog posts that every developer should read in their copious amounts of spare time over the holidays. Our first stop is security… Security for developers has long been near and dear to my heart. So it should come as […]

After months of preparation and much secrecy, Plumbers @ Work has been released into the wild by the .NET Plumbers. The regular podcast is part of MSDN Canada Radio and will be featuring John Bristowe, Dan Sellers, Bil Simser and myself. We’ll be talking about current and upcoming developments in .NET and Microsoft technologies. Our inaugural episode […]

So you’ve finally decided to do it – you’re going to break the addiction, join AA (Administrators Anonymous), and stop developing as a local administrator. I applaud you. I’ve been successfully developing software as a non-administrator for a number of months and I feel great. Here are a few tips and tricks to be a successful […]

Microsoft has entered the antispyware fray with a surprisingly named product – Microsoft AntiSpyware – which is currently in beta. (After the Microsoft Bob fiasco, Microsoft has gotten a lot better at naming its products – even if the names are a tad obvious. Hmmmm… I wonder what Microsoft Content Management Server does???) Anyway Microsoft acquired […]