One of the basic but important security issues in web development that you should pay attention to is SQL Injection. Recently HP released a free tool called Scrawlr to test for such vulnerabilities.

This tool checks your pages using a simple crawler or a Google query and finds any SQL Injection problems. It can only check issues on GET parameters.

You can check up to 1500 URLs on each website using this free tool.

Download: https://download.spidynamics.com/Products/scrawlr/


 


Categories: Download | Security | Software | Tools

It’s so easy to use the powerful ASP.NET Membership, Role and Profile providers in a Windows or Console application. Only one key point remains: you should add an app.config file to your Console or Windows application and include these nodes in it:

<?xml version='1.0' encoding='utf-8'?>
<configuration>
    <connectionStrings>
        <add name="SQLConnString" connectionString="SERVER=(local);DATABASE=SampleApp;UID=sa;PWD=123"/>
    </connectionStrings>
    <system.web>

        <membership defaultProvider="SampleAppMembershipProvider">
            <providers>
                <add name="SampleAppMembershipProvider"
                     connectionStringName="SQLConnString"
                      applicationName="SampleAppMembership"
                      enablePasswordReset="true"
                      enablePasswordRetrieval="false"
                      passwordFormat="Hashed"
                      maxInvalidPasswordAttempts="100"
                      minRequiredPasswordLength="5"
                      minRequiredNonalphanumericCharacters="0"
                      requiresQuestionAndAnswer="false"
                      requiresUniqueEmail="true"
                      passwordAttemptWindow="5"
                      passwordStrengthRegularExpression=""
                      type="System.Web.Security.SqlMembershipProvider" />
            </providers>
        </membership>

        <profile defaultProvider="SampleAppProfileProvider">
            <providers>
                <add name="SampleAppProfileProvider"
                type="System.Web.Profile.SqlProfileProvider"
                connectionStringName="SQLConnString"/>
            </providers>
            <properties>
                <add name="FirstName" type="System.String" />
                <add name="LastName" type="System.String" />
                <add name="Email" type="System.String" />
                <add name="Website" type="System.String" />
                <add name="Address" type="System.String" />
                <add name="Note" type="System.String" />
                <add name="Phone" type="System.String" />
                <add name="Fax" type="System.String" />
                <add name="Feature" type="System.Int32" />
            </properties>
        </profile>

        <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="SampleAppSqlRoleProvider"
                     cookieName=".ASPXSampleAppROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="false"
                     cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All">
            <providers>
                <clear/>
                <add name="SampleAppSqlRoleProvider"
                     type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                     connectionStringName="SQLConnString"
                     applicationName="SampleAppRoles"/>
            </providers>
        </roleManager>
    </system.web>
</configuration>
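Before a config like the sample above is reused outside a demo, it is worth checking its connection string, lockout and cookie settings. The script below is an added example, not part of the original post: it parses a trimmed copy of that app.config and reports the weak values. The finding codes and the two thresholds are assumptions of this example; the fallbacks used when an attribute is absent are the SqlMembershipProvider defaults.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the sample app.config above: same values, fewer attributes.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="SQLConnString"
         connectionString="SERVER=(local);DATABASE=SampleApp;UID=sa;PWD=123"/>
  </connectionStrings>
  <system.web>
    <membership defaultProvider="SampleAppMembershipProvider">
      <providers>
        <add name="SampleAppMembershipProvider" passwordFormat="Hashed"
             maxInvalidPasswordAttempts="100" minRequiredPasswordLength="5"/>
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="true" cookieRequireSSL="false"/>
  </system.web>
</configuration>"""

def parse_conn(cs):
    """Split 'KEY=value;KEY=value' into a dict with upper-cased keys."""
    pairs = (part.split("=", 1) for part in cs.split(";") if "=" in part)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def audit(xml_text, max_attempts=10, min_length=8):
    """Return sorted finding codes; both thresholds are assumptions of this example."""
    root, found = ET.fromstring(xml_text), set()
    for add in root.findall("connectionStrings/add"):
        cs = parse_conn(add.get("connectionString", ""))
        if "PWD" in cs or "PASSWORD" in cs:
            found.add("conn-plaintext-password")  # SQL login secret stored in the file
        if cs.get("UID", cs.get("USER ID", "")).lower() == "sa":
            found.add("conn-sysadmin-login")      # application connects as 'sa'
    for membership in root.iter("membership"):
        for add in membership.findall("providers/add"):
            if add.get("passwordFormat", "Hashed") != "Hashed":
                found.add("password-not-hashed")
            if int(add.get("maxInvalidPasswordAttempts", "5")) > max_attempts:
                found.add("lockout-too-lenient")  # many guesses allowed before lockout
            if int(add.get("minRequiredPasswordLength", "7")) < min_length:
                found.add("password-too-short")
    for rm in root.iter("roleManager"):
        if rm.get("cacheRolesInCookie") == "true" and rm.get("cookieRequireSSL") != "true":
            found.add("role-cookie-without-ssl")  # role cache cookie may travel over HTTP
    return sorted(found)

if __name__ == "__main__":
    for code in audit(SAMPLE_CONFIG):
        print(code)
```

Replacing `UID=sa;PWD=123` with `Integrated Security=SSPI`, lowering the lockout threshold, raising the minimum length and setting `cookieRequireSSL="true"` clears every finding.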

 


Categories: .NET General | ASP.NET | Security

Hi!

It's been a long time since I decided not to post simple, not-useful day-to-day posts on Sharplife.NET; meanwhile this damn busy life doesn't allow me to post large technical posts about .NET, so if you are interested in following some links and tiny posts, you can follow me on Twitter, Jaiku, Plurk or Pownce.

I'll try to write some technical stuff periodically.

Don't forget to take a look at tabassom.com ;-)


 


Categories: General | Personal | SharpLife.NET

The Iranian Arian Music Band and the famous Irish singer Chris De Burgh are working on a joint song. According to Mohsen Rajabpour, managing director of Arian Band, "A Melody for Peace" is the name of this song; its theme is love and respect for human beliefs, and it will soon be presented inside and outside the country.

This new song will be shipped with the 4th Arian album in the next few months.


 


Categories: Iran | Music

November 5, 2007
@ 01:48 PM
A few days ago, I found some free time to study some articles and documentation about .netTiers. I tested it on some of my previous projects and the result was great. Professional software architecture in the generated code, smart code generation based on database tables and columns, ease of use, etc. are amazing features of this open source template for CodeSmith.

The official .netTiers website has documentation you can read online, but however I searched, I couldn't find any offline version of this documentation to download. So I saved all documentation sections as HTML files and also created a PDF version of each page. You can download this documentation in a compressed file here (3.7 MB).


 


Categories: .NET General | C# | Download | Tools

October 31, 2007
@ 05:18 PM
I have 9 Jaiku invitations left. Everyone who wants to receive one, please leave his/her name and email address in a comment on THIS post.

Forgot to say I'm at mahdi.jaiku.com!


UPDATE:
I sent all 9 invitations and I don't have any more left.


 


Categories: General

Recently (and especially after the Web 2.0 revolution) many websites started to use more complicated CAPTCHA solutions in order to prevent spam and bot attacks. There are many free solutions and tools for users and developers to implement CAPTCHA technology in their applications. There are also many ASP.NET controls and components for this approach, but many of them are so simple to hijack or don't offer features that we see these days on professional websites (features like a reload function, voice, etc.).

A few days ago I found a link to reCAPTCHA on Yahoo!. reCAPTCHA is a free (but professional) tool for basic users and also developers. To use this service you should first sign up, receive an API Key for your website (you can receive as many as you need) and use one of the easy-to-install plugins provided. The good news for ASP.NET developers is that you can download and use a server-side control and enjoy reCAPTCHA with two lines of code! The API Key guarantees your website and prevents attackers from collecting answers from visitors and using them. There are three different themes to choose from.

If you want to use reCAPTCHA on a Web 2.0 website you can use the AJAX API just by adding this line of code to your HTML or webform file:

I strongly suggest you download and test this tool in your web applications.


Quick Links: reCAPTCHA.net | Live Demo | Why reCAPTCHA | Signup | reCAPTCHA.NET Control | Email Protection With reCAPTCHA


 


Categories: .NET General | AJAX | Security | Web | Web 2.0 | Web Services

October 3, 2007
@ 02:07 PM
Omar Al Zabir has recently listed 10 cool articles about ASP.NET, AJAX, ... which he has published this year. From my personal view these articles are interesting:


 


Categories: .NET General | AJAX | ASP.NET | Security | Web | Web 2.0 | Web Development