Wednesday, August 30, 2006

Okay.. My differences about DataGrid, DataList, and Repeater in ASP.NET


Yes. Illustrated image is for understandings i have over three.

venkat.Murthy

Friday, March 31, 2006

Happy Birthday MUGH!!!

Wow.. its unbelievable that MUGH is celebrating its 3rd birthday on 1-Apr-06. Started way back as DUNG, it is you all that made it a trend setter in communities space, here in india.

So, keep your comments/suggestions coming in, and we all shall continue in making MUGH the best !!!

venkat.Murthy

Sunday, February 26, 2006

New HTMLEncoding and URLEncoding

Widely used approach to avoid risk posed by XSS is to encode all untrusted input into non-executable forms, before rendering it as output. The System.Web.HttpUtility.HtmlEncode is one namespace provided by microsoft that encoded charecters into safer HTML formats.

The approach looks for bad characters in input, with an assumption of all possible invalid inputs an attacker might attempt. This can provide protection to applications against XSS attacks, but it merely depends on howmuch were assumption were correct? For example, some of currently possible valid encodings of the character “<” are: (I have seperated each encoded value with a ':').

<: %3C: <: < : < : &LT; : < : &#060 : < : &#00060 : < : < : &#60; : < : < : < : < : < : < : &#x03c : < : &#x0003c : < : &#x000003c : < : < : <
< : < : < : < : &#X03c : < : &#X0003c : < : &#X000003c : < : < : < : < : < :
< : < : &#x03C : < : &#x0003C : < : &#x000003C :
< : < : < : < : < : < : < : &#X03C : < : &#X0003C : < : &#X000003C : < : <

Tough... isn't it ? The Anti-Cross Site Scripting Library V1.0 by Microsoft takes an approach based on allowing only known or good inputs, and rejecting every thing else. This is a good and comprehensive approach of allowing all known-inputs rather than not-allowing all unknown inputs.

You can download installer here. There is new support for HTMLEncode and URLEncode exactly the same as their System.Web.HttpUtility counterparts (HttpUtility.HtmlEncode and HttpUtility.UrlEncode), but under AntiXSSLibrary.HtmlEncode and AntiXSSLibrary.UrlEncode namespaces !!!

Thursday, January 12, 2006

Finally the results are out!!!

Microsoft Users Group, Hyderabad (MUGH) has announced winners for CodeWarriors 2005 and SQL server 2005. Check more at http://www.mvpblog.com/techfest/

Thursday, December 01, 2005

Trackback : On an intersting opinion

Sudha, has clearly stated what could we have done to improve the remarks on our engineers.

Having a great potential across world, our engineers have always contributed more. Considering the less 'practical exposure', and more 'theoritical knowledge' indian engineers have, as commented by Criag, could it have been better to point out like: given the right exposure and current knowledge, indian engineers can scale up to new heights, as they have always done.

Well, even all IT industrialists like Naryananan, Anil Ambani speak the same.

How did we go about that?

venkat.Murthy

Wednesday, November 23, 2005

Count down begins

Thanks for the participation in CodeWarriors and SQLWHIZ contests at TechFest. Count down begins, and hope everyone could make up to the final round !!!

venkat.Murthy

Monday, September 05, 2005

Code Warriors 2005, SQL Whiz 2005 at MUGH, Hyderabad

Time for curtain UP!!!

MUGH (www.mugh.net) has lot of action for developers and technology experts this year. As said in promised in this post, we have bought two back to back events for tech-savy professionals.

SQL Whiz 2005 - This is SQL Server White paper contest for Hyderabadis out there, who want to show case their technical skills on Microsoft SQL Server. I am sure, this contest will bring up the SQL guru in you, and you can feel the difference. Wait...... you can have lot of goodies, books, tee-shirts. Ofcourse, a certificate of recognition will come for all winning entries signed by community gurus and champs at Microsoft.

Come, show case your SQL Skills at SQL Whiz 2005.....

Code Warriors 2005 - An ultimate development challenge for all Microsoft technology users. Horn your Whidbey skills, tame your applications and win lot of prizes !!!! The contest is commencing soon, and you can start preparing right now... For preliminary round, submit documents about the application you are going to work on, leveraging Whidbey. Once your entries are valuated, then you can submit a working copy of the application for final evaluation.

Again..... You application shall be showcase for entire community at gotdotnet, apart that, you recieve lot of prizes, books signed by Microsoft experts.

Come on, start working on... After all, its your code and your sword for code warriors 2005 at MUGH!!!

Find more about contest at
http://www.mvpblog.com/techfest/index.htm
http://www.mugh.net