News

YAML and Remote Code Execution

Author: Craig Stuntz

YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution. It’s Not Just Ruby A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at existing YAML…
News

Installing Sonar for Delphi

Author: Miguel Angel Oliver

On 15th of November the HTML5 Builder QA Team was in the VLCTesting, where we learned very good experiences and shared knowledge; amongst this was the software Sonar. Right now in HTML5 Builder we are not using that tool but we…
News

Why Won't Visual Studio Step Into This Code?

Author: Craig Stuntz

I helped another developer debug an interesting problem this morning. Let’s see if you can spot the problem. The code in question looked something like this simplified version containing only enough code to show the problem: public void Execute() { DoStuff(); // breakpoint 1 } public IEnumerable<Coordinate> DoStuff() { …
News

In LINQ, Don't Use Count() When You Mean Any()

Author: Craig Stuntz

If you have a list, array, or query in a C#/LINQ application and need to check and see if the list is empty, the correct way to do this is to use the Any() extension method: if (q.Any()) { Similarly, you can check to see if any elements in the list…
News

A Math Primer for Gentry's Fully Homomorphic Encryption

Author: Craig Stuntz

A couple of weeks ago, I wrote What Is Homomorphic Encryption, and Why Should I Care? In that post, I promised to share my C# implementation of the algorithm from Craig Gentry’s CACM article. Before I can do that, though, I need to explain some of the math involved. Perhaps surprisingly, it’s actually very simple. (I say “surprisingly” because much of…
News

jqGrid and XSS Security

Author: Craig Stuntz

Version 3.5.2 of jqGrid included an important new feature: “Now when autoencode is set to true we encode the data coming from server and not only when we post it (security fix).” Prior to this, you were required to encode the data yourself. Now personally…
News

Entity Framework Models and Source Control

Author: Craig Stuntz

As you’re probably aware, an Entity Framework model is stored in a single XML file, with the extension EDMX. Developers occasionally ask if this means that two people cannot work on the entity model concurrently. My answer to this is, “It depends.” But I can give you some tips to make it easier. Obviously, if you use a source control tool which locks files on…