In this section, we will discuss SQL injections, a persistent issue that requires careful attention due to its serious implications. Let’s delve into this problem. Imagine we have a query that retrieves the "city" value from a submitted HTML form, and we decide to insert this input directly into our SQL query like this: Using dynamic SQL queries in this manner should be avoided, especially when the input comes from users. What could go wrong?...
Relying exclusively on client-side validation should be avoided at all costs. This approach is unreliable, as knowledgeable users can easily manipulate client-side code to circumvent validation rules. Let’s consider an example to illustrate this. In our scenario, we have a Razor Pages application featuring a login form. The form employs bind property attributes in the code-behind to associate form values with attributes. We’ve implemented...
In this section, we will examine how to manage sensitive information within the .NET development environment, with an emphasis on safeguarding secrets utilized during development. These secrets are sensitive data that are essential in the development process. Imagine a situation where two developers are collaborating on a project, each needing their own unique passwords to access the database. It's crucial that they avoid sharing these...
Let’s delve into a common security issue where developers neglect to hash user passwords correctly. It's essential to grasp the importance of hashing. Imagine a user registers by entering their username and password. During this process, we save the username and password in plain text in our database. If the database gets hacked, the attacker can access Henry's password and potentially steal his account. How can we address this problem? One...
In this section, we will examine the misuse of cookies, particularly concerning cross-site request forgery (CSRF). Consider a scenario in which a user interacts with a web browser with the intention of visiting a bank's website. Upon accessing the bank’s site, the user submits a login request and subsequently receives a cookie from the bank, enabling further actions on the site, contingent upon a successful login. However, if the user is...
In this section, we’ll delve into parallel and asynchronous programming in C#, particularly addressing the frequent mistake of overusing threads rather than leveraging tasks. It's important to understand that a Task is an abstraction built on top of the threading model. In many cases, a task does not need to be linked to a specific thread. Tasks provide a wealth of features, such as timeout handling, cancellation support, and continuation...
Introduction Blazor is a programming framework to build client-side Web applications with .NET. It allows .NET developers to use their C# and Razor knowledge to build interactive UIs running in the browser. Unlike Angular, ReactJs or VueJS which is a development platform, built on TypeScript/JavaScript and change process takes place on client side. Blazor built on C# and the change process occurs on server side. This article is review how that...
Code review overview What is the review code The process by which programmers review and evaluate another team member's code At the same time, it is also the process of discussing and giving suggestions to help improve the quality of the code. Benefits of code review Personally: Improve your level. Learn how to communicate and give suggestions to others, as well as verify your knowledge. About work: Capture what happens in the project It is an...
