Monthly Archives: January 2009

SQL Data Services Query Injection

The “query language” of SQL Data Services is basically a LINQ statement as a string, e.g.:

from e in entities where e["username"] == "{0}" && e["password"] == "{1}" select e

Do you see a problem here? Of course string concatenation … Continue reading

Posted in Uncategorized | Leave a comment

Get help running a partial SSL website in ASP.NET

A while ago I wrote this article about some of the things to watch out for when securing parts of an application with SSL. Keith used the attached code as part of his work and extended it. Even better he … Continue reading

Posted in ASP.NET | Leave a comment

Welcome Richard Blewett

I am thrilled to announce that Rich has joined thinktecture this week. That’s great news. I’ve been working with Rich since 2004 (in fact – he was part of that scary initiation ritual at DevelopMentor called “Test Teach”). He’s a … Continue reading

Posted in Uncategorized | Leave a comment

Live ID and Information Cards

A while ago I wrote that there is an experimental version of the Live ID login page that makes use of Information Cards linked to your Live ID account. Unfortunately this login form was only used for very specific services … Continue reading

Posted in IdentityModel | Leave a comment