Fri 25 Apr 2008

EASY Vs DIFFICULT

Easy is to get a place in someone's address book.
Difficult is to get a place in someone's heart.

Easy is to judge the mistakes of others
Difficult is to recognize our own mistakes

Easy is to talk without thinking
Difficult is to refrain the tongue

Easy is to hurt someone who loves us.
Difficult is to heal the wound...

Easy is to forgive others
Difficult is to ask for forgiveness

Easy is to set rules.
Difficult is to follow them...

Easy is to dream every night.
Difficult is to fight for a dream...

Easy is to show victory.
Difficult is to assume defeat with dignity...

Easy is to admire a full moon.
Difficult to see the other side...

Easy is to stumble with a stone.
Difficult is to get up...

Easy is to enjoy life every day.
Difficult to give its real value...

Easy is to promise something to someone.
Difficult is to fulfill that promise...

Easy is to say we love.
Difficult is to show it every day...

Easy is to criticize others.
Difficult is to improve oneself...

Easy is to make mistakes.
Difficult is to learn from them...

Easy is to weep for a lost love.
Difficult is to take care of it so as not to lose it.

Easy is to think about improving.
Difficult is to stop thinking it and put it into action...

Easy is to think badly of others
Difficult is to give them the benefit of the doubt...

Easy is to receive
Difficult is to give

Easy to read this
Difficult to follow

Easy is to keep the friendship with words
Difficult is to keep it with meanings.

Categories : Thoughts / Lessons
Thu 24 Apr 2008

This may be an old one, but it is a good refresher.

Contents

What ASP.NET Developers Should Always Do
Where the Threats Come From
ViewStateUserKey
Cookies and Authentication
Session Hijacking
EnableViewStateMac
ValidateRequest
Database Perspective
Hidden Fields
E-mails and Spam
Summary
Related Resources

What ASP.NET Developers Should Always Do

If you're reading this article, you probably don't need to be lectured about the growing importance of security in Web applications. You're likely looking for some practical advice on how to implement security in ASP.NET applications. The bad news is that no development platform, including ASP.NET, can guarantee that you'll be writing 100-percent secure code once you adopt it; anyone who says otherwise is lying. The good news, as far as ASP.NET is concerned, is that ASP.NET, especially version 1.1 and the coming version 2.0, integrates a number of built-in defensive barriers, ready to use.

The application of all these features alone is not sufficient to protect a Web application against all possible and foreseeable attacks. However, combined with other defensive techniques and security strategies, the built-in ASP.NET features form a powerful toolkit to help ensure that applications operate in a secure environment.

Web security is the sum of various factors and the result of a strategy that goes well beyond the boundaries of the individual application to involve database administration, network configuration, and also social engineering and phishing.

The goal of this article is to illustrate what ASP.NET developers should always do in order to keep the security bar reasonably high. That's what security is mostly about—keep the guard up, never feel entirely secure, and make it harder and harder for the bad guys to hack.

Let's see what ASP.NET has to offer to simplify the job.

Where the Threats Come From

In Table 1, I've summarized the most common types of Web attacks and flaws in the application that can make them succeed.

Attack                      Made possible by . . .
Cross-site scripting (XSS)  Untrusted user input echoed to the page
SQL injection               Concatenation of user input to form SQL commands
Session hijacking           Session ID guessing and stolen session ID cookies
One-click                   Unaware HTTP posts sent via script
Hidden field tampering      Unchecked (and trusted) hidden field stuffed with sensitive data

More at:

Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks

http://msdn2.microsoft.com/en-us/library/ms972969.aspx

Sun 6 Apr 2008

"ENGINEERS AND HR OFFICERS"

3 Real Life Stories...

1. The First …

Eleven people were dangling below a helicopter on a rope.  There were ten HR people and one engineer.

Since the rope was not strong enough to hold all the eleven, they decided that one of them had to let go to save all the others.
They could not decide who should be the volunteer.  Finally the engineer said he would let go of the rope since engineers are used to doing everything for the company.  They forsake their family, don't claim all of their expenses and do a lot of overtime without getting anything in return.
When he finished his moving speech all the HR people began to clap…

Moral:

Never underestimate the powers of the engineer.

2. The Second …
A group of engineers and a group of HR people take a train to a conference.  Each HR person holds a ticket.  But the entire group of engineers has bought only one ticket for a single passenger.  The HR people are just shaking their heads and are secretly pleased that the arrogant engineers will finally get what they deserve.
Suddenly one of the engineers calls out: "The conductor is coming!".  At once, all the engineers jump up and squeeze into one of the toilets.  The conductor checks the tickets of the HR people.  When he notices that the toilet is occupied he knocks on the door and says: "Ticket, please!"  One of the engineers slides the single ticket under the doors and the conductor continues merrily on his round.
For the return trip the HR people decide to use the same trick.  They buy only one ticket for the entire group but they are baffled as they realize that the engineers didn't buy any tickets at all.   After a while one of the engineers announces again: "The conductor is coming!"  Immediately all the HR people race to a toilet and lock themselves in.
All the engineers leisurely walk to the other toilet.  Before the last engineer enters the toilet, he knocks on the toilet occupied by the HR people and says:  "Ticket, please!"

Moral:

HR people like to use the methods of the engineers, but they don't really understand them.

3. The Third …
Once upon a time three HR people were walking through the woods and suddenly they were standing in front of a huge, wild river.  But they desperately had to get to the other side.

But how, with such a raging torrent?

The first HR guy knelt down and prayed to the Lord:  "Lord, please give me the strength to cross this river!"

*pppppfffffffuuuuff ffffff*

The Lord gave him long arms and strong legs.  Now he could swim across the river.  It took him about two hours and he almost drowned several times.

BUT… he was successful!

The second HR guy, who observed this, prayed to the Lord and said:  "Lord, please give me the strength AND the necessary tools to cross this river!"

*pppppfffffffuuuuff ffffff*

The Lord gave him a tub and he managed to cross the river despite the fact that the tub almost capsized a couple of times.

BUT… he was successful!

The third HR man, who observed all this, knelt down and prayed:  "Lord, please give me the strength, the means and the intelligence to cross this river!"

*pppppfffffffuuuuff ffffff*

The Lord converted the HR man into an engineer.  He took a quick glance at the map, walked a few meters upstream and crossed the bridge.

Moral:

You have to be an engineer to think intelligently. Otherwise…

GOD HELPS YOU!
