Telerik blogs
  • Web ASP.NET AJAX

    Security: JSON Hijacking and the telerik web controls

    I have been too slow to get to this! The security experts at Fortify Software have recently discovered a new Web 2.0-specific security vulnerability that may affect some sites passing JSON-encoded data to the client, and I got some nudges from both coworkers and customers to investigate this deeper. So, what is this vulnerability all about? In short, you have to be extra careful when using HTTP GET requests to stream JSON-encoded data to the client. You may be thinking that you are using ASP.NET's authentication mechanism and you are conveniently hidden behind the session and forms authentication cookie, but that may not be...
    April 05, 2007
  • Release

    converter.telerik.com - now open

    Howdy geeks! No, it's not Christmas time, but we have a nice present wrapped up for you :) For the ones out there like me who enjoy all sorts of gizmos – check it out: http://converter.telerik.com/ the cool new service offered from the telerik labs free of charge for everyone. I was wondering how to best describe the idea, but Todd seems to do a better job: Code Converter is a free and simple VB to C# and C# to VB code converter. While there are several other good code converters available, none are perfect. Some are buried in busy websites. Some are awkward...
    March 30, 2007
  • Web ASP.NET AJAX

    Ajax Manager WebCast Full

    For those of you who are not subscribed to my Telerik Watch blog, I want to bring your attention to some important news. The Ajax Manager WebCast that I'll be doing with Microsoft this week is already full! Clearly everyone is eager to see the latest from Telerik and how we're embracing ASP.NET AJAX and I want to thank everyone for making this WebCast an early success. The good news for those of you who did not register in time is that the entire event will be available on demand sometime next week. For full details on accessing the on...
    March 27, 2007
  • Web ASP.NET AJAX

    Debugging ASP.NET 2.0 Web Resources: Decrypting the URL and Getting the Resource Name

    Today I had another trivial problem that was unbelievably hard to debug just because I could not tell that an error caused by a web resource was caused by exactly that resource. I was dealing with a forgotten [WebResource] attribute that did not have a matching resource built in the assembly and both generated a server side exception and gave browsers a 404 HTTP error. I wanted to decrypt the query string data that was being passed to WebResource.axd and extract the resource and assembly name from it. MSDN told me that what I needed was the "d" query string parameter, as it contained the encrypted assembly and resource name. The...
    March 27, 2007
  • Web

    The Ajax Papers: Part II

    The Ajax Papers, Part II: Updating the Page. Download formatted PDF version for easy reading. In part one of this series on Ajax we looked at Ajax basics. What it is. How it works. Where it executes. We learned that Ajax communication (in its most basic form) only takes a few lines of JavaScript to work. If Ajax is so easy, what’s all the fuss about Ajax being so hard? Even though Ajax in its purest sense just defines a method for communicating asynchronously with the server, it is relatively useless unless you do something with the information returned from the server. That “something” usually means that you need to...
    March 26, 2007