If you don’t encode data when using any of the following methods to output to HTML your application could be compromised by unexpected HTML turning up in the page and modifying everything from formatting though to capturing and interfering with form data via remote scripts (XSS). Such vulnerabilities are incredibly dangerous.

Using MonoRail or Microsoft’s MVC does not make you automatically immune — use {! }{! } in MonoRail’s Brail engine and the HtmlHelpers in Microsoft’s MVC to ensure correct encoding.

Part of my job involves revising our SQL Server architecture. My plan includes the addition of a read-only reporting SQL pair for non-critical inquiries and reports. This allows the heavy and unpredictable load from reporting away from from the primary SQL pair responsible for critical operations (shipping orders).

We utilized SQL Server’s publisher-subscriber replication on the required databases which, given their legacy nature, had some cross-database dependencies that were added without due consideration.

Hello Damien

You have received this email as a customer of our sister company, Friends Reunited.

The first public preview of Microsoft’s ASP.NET MVC (model view controller) framework is now available.

Download ASP.NET 3.5 Extensions (EXE) (3.7 MB)

A few years ago I believed that HTML and SQL injection vulnerabilities were headed for extinction. Thanks to object-relational mapping tools SQL injection continues to die but HTML and script injection vulnerabilities are as popular as ever.

Part of the problem stems from the “back-to-basics” approach to rendering web pages, throwing out classes and controls for string-based libraries (primitive obsession) and helpers which do not encode HTML or even offer a concise simple syntax to do so.

Wake up every morning to your iTunes playlist without the danger of an app launching it and having a problem/update pending that prevents you getting to work on time.

Alarm Clock 2 also includes Timers (great for a quick 20 minute power nap) and Stopwatches alongside the normal one-off or regular scheduled alarm that will bring both you and your machine out of sleep ready for that early-morning email check.

I just got the opportunity to try out the latest version of VMware and thought I’d do a quick Windows Experience Index on Boot Camp, Parallels and VMware to see what the performance is like before my new MacBook Pro 17″ arrives (hopefully on Friday!)

When I installed Leopard on my machine I took the opportunity to carve out a dedicated 20GB partition again to put a fresh install of Vista on. As well as being able to boot natively this also now means I can run my single Windows partition switching between native, Parallels or VMware at will which admittedly drives Windows Activation crazy.

I know, I said there would be a good chance that the next version of Envy Code R would be out this weekend but the annoying sizing, thickness and cropping issues that came up at some sizes above and below the optimum 10 point were really annoying me.

Many articles later, some playing around with Microsoft Visual TrueType and much frustration and experimentation later I think I’m on the right path.

Open source and free software projects still have much to learn from commercial software, the number one in my book being “the pitch”.

Most free software project home pages consist of a brief description, a list of technical documents and a number of download options but fail to pitch their solution at all.

The next version of my Envy Code R font especially designed for programming (monospaced, easily distinguishable characters) is nearing completion and represents a very response-driven update to feedback, specifically:

I have also fleshed out a number of additional symbols and accented letters that has seen the number of code pages supported increase to 12 pages and made a large number of tweaks to the italic version which was a last-minute addition to 0.6 (PR6) and had a number of errors especially round the accented letters.