the latest stories tagged with 'hacking' from DotNetKicks.com http://www.dotnetkicks.com/ en-us Atweb Publishing Ltd. http://backend.userland.com/rss DotNetKicks.com - .NET links, community driven 30 Stephen Walther's latest MVC tip introduced me to the MVC framework's ability to pass server variables into actions as parameters. Unfortunately using this feature is a very bad idea and could jeopardize the security of your application. Take a look at a code sample you might find surprising. <br /><br /><br /><a href="http://www.dotnetkicks.com/kick/?url=http%3a%2f%2fwww.squaredroot.com%2fpost.aspx%3fid%3d98b8ac0b-d5d2-42f1-bdad-ef75ce247c61"><img src="http://www.dotnetkicks.com/Services/Images/KickItImageGenerator.ashx?url=http%3a%2f%2fwww.squaredroot.com%2fpost.aspx%3fid%3d98b8ac0b-d5d2-42f1-bdad-ef75ce247c61" border="0" alt="kick it on DotNetKicks.com" /></a> http://www.dotnetkicks.com/aspnet/MVC_Routing_Security_Hole http://www.dotnetkicks.com/aspnet/MVC_Routing_Security_Hole Wed, 09 Jul 2008 19:16:11 GMT Explains SQL Injections, lets you perform a SQL injection against a live database, and explains how to mitigate the problem. If you are trying to get someone to write injection-proof code, I hope this will motivate them :) <br /><br /><br /><a href="http://www.dotnetkicks.com/kick/?url=http%3a%2f%2fduartes.org%2fgustavo%2farticles%2fHands-on-Sql-Injection.aspx"><img src="http://www.dotnetkicks.com/Services/Images/KickItImageGenerator.ashx?url=http%3a%2f%2fduartes.org%2fgustavo%2farticles%2fHands-on-Sql-Injection.aspx" border="0" alt="kick it on DotNetKicks.com" /></a> http://www.dotnetkicks.com/security/Hands_on_SQL_Injection http://www.dotnetkicks.com/security/Hands_on_SQL_Injection Thu, 14 Feb 2008 02:04:55 GMT