a mechanism has been added in asp.net to avoid injection on sensible page contents: the event validation.
simple as registering, server side, all the possible values of all the variables in your web page.
something like:
HASH(DropDownList1.UniqueID) XOR HASH(Valeur de l'article)
the result is then serialized to the __eventvalidation hidden field.
more on VIEWSTATE, a strict friend to __EVENTVALIDATION [excerpt from a pdf published in the follow-up]
__VIEWSTATE is an application state container.
Maintain state between multiple postback requests.
"Holds all your variables"
Serialized base64 encoded data.
Viewstate contents can be encrypted.
to understand what this is used for, here are the following pages
http://msdn2.microsoft.com/en-us/library/7kh55542.aspx
http://blogs.msdn.com/amitsh/archive/2007/07/31/why-i-get-invalid-postback-or-callback-argument-errors.aspx
http://odetocode.com/Blogs/scott/archive/2006/03/21/3153.aspx
http://weblogs.asp.net/bleroy/archive/2004/08/18/216861.aspx
http://msdn.microsoft.com/msdnmag/issues/06/12/CuttingEdge/
now on more precise explications
http://www.security-assessment.com/files/presentations/Syscan%20-%20Next%20Generation%20.NET%20Vulnerabilities.pdf
tools
http://www.windowsecurity.com/articles/SPIKE-BURP-real-world-computer-security-usage-Part4.html
http://www.portswigger.net/proxy/
all this is fun.
vendredi 30 novembre 2007
mardi 20 novembre 2007
From the wireless e-ink book to GranParadiso
Coming back to the office after the lunch, I can read the following news:
Amazon is launching a wireless e-ink book, named kindle. Amazon currently allows all users to download an excerpt of the sold books (90000, according to A.). Well, I think this could be a great Christmas present. Sony's doing (or has done) the same thing.
Mozilla foundation is releasing Firefox 3 beta 1.
Some news, good news indeed!
Amazon is launching a wireless e-ink book, named kindle. Amazon currently allows all users to download an excerpt of the sold books (90000, according to A.). Well, I think this could be a great Christmas present. Sony's doing (or has done) the same thing.
Mozilla foundation is releasing Firefox 3 beta 1.
Some news, good news indeed!
dimanche 18 novembre 2007
I'm not sure..
..about what's the destiny of these blogs.
right this evening I have heard a news about Facebook, who's using its users information to make money.
well, I'm pretty scared about this. about one month ago I've moved my official blog on a third party server. Now, I wouldn't like to know that this third party's using my personal information.
I'd like to use this blog as a personal diary, to record what's happening all around. Thus, this evening I am concerned not about the existence of this diary, but about its public-ness.
who knows? you can as well leave a comment. I will surely read it.
seeya.
right this evening I have heard a news about Facebook, who's using its users information to make money.
well, I'm pretty scared about this. about one month ago I've moved my official blog on a third party server. Now, I wouldn't like to know that this third party's using my personal information.
I'd like to use this blog as a personal diary, to record what's happening all around. Thus, this evening I am concerned not about the existence of this diary, but about its public-ness.
who knows? you can as well leave a comment. I will surely read it.
seeya.
samedi 17 novembre 2007
menage fait, ubuntu mise à jour
désormais il est 1453.
après une matinée passée à faire le menage, je suis bien ravi d'ouvrir mon ordinateur pour un instant. simplement parce que c'est une pause, et je peux l'utiliser pour écrire.
ce matin, pour la première fois, un update pou ubuntu ne pouvait pas être téléchargé. maintenant ça marche. il a suffi un peu de temps pour que les mecs d'ubuntu résolvent le problème avec les permissions sur les fichiers.
je continue avec ma pause relax.
après une matinée passée à faire le menage, je suis bien ravi d'ouvrir mon ordinateur pour un instant. simplement parce que c'est une pause, et je peux l'utiliser pour écrire.
ce matin, pour la première fois, un update pou ubuntu ne pouvait pas être téléchargé. maintenant ça marche. il a suffi un peu de temps pour que les mecs d'ubuntu résolvent le problème avec les permissions sur les fichiers.
je continue avec ma pause relax.
vendredi 16 novembre 2007
How to contract a PACS being a stranger in France [still incomplete]
Note: all the informations below have been obtained going to the Tribunal d'Instance de Lyon in a date anterior to 1 November 2007.
This tribunal is in rue Servient, 67, 69003 Lyon. To find the Tribunal next to your home, use the justice.gouv.fr site.
Well, if you want to contract a PACS, then the following steps should be sufficient for a young european citizen who (1) hasn't had problems with the law and (2) has not yet contracted a wedding or another PACS. Under these conditions, the documents you need to obtain are the following.
Acte de naissance
- go to servicepublic.fr or to wikipedia.fr and understand what a PACS is and which its effects are.
- go home or ask somebody who still lives in your country an integral copy of your "Acte de naissance"; it is usually a certificate which includes some information about when and where you're born, and who are your parents.
- (optionally) get an "extract de l'acte de naissance", translated in French. If you live in the European union you should obtain this document easily. This can help the Tribunal d'instance employees to close an eye about the missing translation of the integral copy of the Acte de naissance.
- if you haven't the "extract de l'acte de naissance" (en français), then call your Tribunal d'Instance (see justice.gouv.fr ) and obtain the list of translators for your language. Then pay one of them to translate your integral copy in french.
Certificat de NON PACS
- obtain the formulaire CERFA ( search on google)
- read the notice about it (same page as above)
- compile it
- then write to the "Tribunal de grande instance de Paris" (TODO: include address) including this formulaire, a copy of your extract de l'acte de naissance en français or your translation of the Acte de naissance, a copy of your identity document, and an empty envelop which already has a post stamp sufficient for the delivery of a single sheet of paper.
- a week will generally be sufficient to obtain this document. In the meanwhile, you can proceed to obtain the Certificat de non inscription au registre civil.
Certificat de non inscription au registre civil
It is necessary if you live in France from more than one year.
- write a document in which you ask for the Certificat de non inscription au registre civil. Notice that you must include your name, surname, date an place of birth and the ones of both your parents. your letter must be addressed to (TODO)
Declaration sur l'honneur
which affirms that you're not relatives
and that you set your common place of residence at the given address (your address).
Document d'identité
Take a copy of your identity card/passport and add it to the stack of documents.
Now, you're done. You can directly go to the Tribunal d'Instance of your city/department (see again justice.gouv.fr) to complete the procedure. Call the Tribunal to know the opening hours of the guichet and the hours during which you can set up the PACS. Then expect a variable amount of time of wait, depending on the day, on the number of persons in the queue, and on the mood of the person at the guichet. (Half a day, usually in the morning)
That's all folks!
This tribunal is in rue Servient, 67, 69003 Lyon. To find the Tribunal next to your home, use the justice.gouv.fr site.
Well, if you want to contract a PACS, then the following steps should be sufficient for a young european citizen who (1) hasn't had problems with the law and (2) has not yet contracted a wedding or another PACS. Under these conditions, the documents you need to obtain are the following.
Acte de naissance
- go to servicepublic.fr or to wikipedia.fr and understand what a PACS is and which its effects are.
- go home or ask somebody who still lives in your country an integral copy of your "Acte de naissance"; it is usually a certificate which includes some information about when and where you're born, and who are your parents.
- (optionally) get an "extract de l'acte de naissance", translated in French. If you live in the European union you should obtain this document easily. This can help the Tribunal d'instance employees to close an eye about the missing translation of the integral copy of the Acte de naissance.
- if you haven't the "extract de l'acte de naissance" (en français), then call your Tribunal d'Instance (see justice.gouv.fr ) and obtain the list of translators for your language. Then pay one of them to translate your integral copy in french.
Certificat de NON PACS
- obtain the formulaire CERFA ( search on google)
- read the notice about it (same page as above)
- compile it
- then write to the "Tribunal de grande instance de Paris" (TODO: include address) including this formulaire, a copy of your extract de l'acte de naissance en français or your translation of the Acte de naissance, a copy of your identity document, and an empty envelop which already has a post stamp sufficient for the delivery of a single sheet of paper.
- a week will generally be sufficient to obtain this document. In the meanwhile, you can proceed to obtain the Certificat de non inscription au registre civil.
Certificat de non inscription au registre civil
It is necessary if you live in France from more than one year.
- write a document in which you ask for the Certificat de non inscription au registre civil. Notice that you must include your name, surname, date an place of birth and the ones of both your parents. your letter must be addressed to (TODO)
Declaration sur l'honneur
which affirms that you're not relatives
and that you set your common place of residence at the given address (your address).
Document d'identité
Take a copy of your identity card/passport and add it to the stack of documents.
Now, you're done. You can directly go to the Tribunal d'Instance of your city/department (see again justice.gouv.fr) to complete the procedure. Call the Tribunal to know the opening hours of the guichet and the hours during which you can set up the PACS. Then expect a variable amount of time of wait, depending on the day, on the number of persons in the queue, and on the mood of the person at the guichet. (Half a day, usually in the morning)
That's all folks!
mercredi 14 novembre 2007
what's miro?
miro (n.m.) 1. joueur video. player TV. anciennement connu avec le nom 'democracy'. il est disponible pour linux. et windows. et pour un peu tous les autres systèmes d'exploitation, pour ce que je vois.
actuellement j'ai pris la source pour les archives ubuntu sur le site de miro.
à la fin du setup, il n'y a pas de link vers miro dans les menus de ma gutsy gibbon. mal.
en utilisant le terminal, pas de problèmes à démarrer miro.
par contre, la localisation du wizard contient des erreurs. mal, pour la deuxième fois.
j'ai réussi à voir la fenêtre principale, finalement.
je suis en train de rajouter les chaînes movie et news.
et maintenant je cherche de voir le JT de ce soir, sur NBC. il semble marcher...
mais, apparemment, aucun streaming. seulement le téléchargement est disponible. pas jolie, ça.
mh, encore beaucoup de doutes, quand je vois que apparemment quelques éléments se sont rajoutés tous seuls à la liste des téléchargements. pourquoi?
je ne sais pas, mais la session de tests à la maison va terminer dans quelque seconde. faute d'envie.
bonne soirée à nouveau.
actuellement j'ai pris la source pour les archives ubuntu sur le site de miro.
à la fin du setup, il n'y a pas de link vers miro dans les menus de ma gutsy gibbon. mal.
en utilisant le terminal, pas de problèmes à démarrer miro.
par contre, la localisation du wizard contient des erreurs. mal, pour la deuxième fois.
j'ai réussi à voir la fenêtre principale, finalement.
je suis en train de rajouter les chaînes movie et news.
et maintenant je cherche de voir le JT de ce soir, sur NBC. il semble marcher...
mais, apparemment, aucun streaming. seulement le téléchargement est disponible. pas jolie, ça.
mh, encore beaucoup de doutes, quand je vois que apparemment quelques éléments se sont rajoutés tous seuls à la liste des téléchargements. pourquoi?
je ne sais pas, mais la session de tests à la maison va terminer dans quelque seconde. faute d'envie.
bonne soirée à nouveau.
miro
shiny thing, this miro.
I'd like to try it. perhaps in the next days.
what about today? a cold day. the snow begins to fall over the hexagone.
personal appointment: the yearly rendez vous with my chef. I don't really know what this should define and help.
but it does exist. well, now it's passed. perhaps, in the next months an 'augmentation' will follow. I continue to learn SAP, and to move on small projects. Something like a Tun re-branding and a Bragardlish web application. let's hope well.
arte this evening transmits an afraiding reportage about the Great War. it could be a good signal to start the miro installation.
bonne soirée.
I'd like to try it. perhaps in the next days.
what about today? a cold day. the snow begins to fall over the hexagone.
personal appointment: the yearly rendez vous with my chef. I don't really know what this should define and help.
but it does exist. well, now it's passed. perhaps, in the next months an 'augmentation' will follow. I continue to learn SAP, and to move on small projects. Something like a Tun re-branding and a Bragardlish web application. let's hope well.
arte this evening transmits an afraiding reportage about the Great War. it could be a good signal to start the miro installation.
bonne soirée.
testing my blog
and the blog via email feature:
text formats
bold
italic
underlined
font face
colors
blue
red
yellow
other
highlight
yellow
green
red
orange
then a link to another site: my other blog and my email address
a numbered list
text formats
bold
italic
underlined
font face
colors
blue
red
yellow
other
highlight
yellow
green
red
orange
then a link to another site: my other blog and my email address
a numbered list
- 1
- 2
- 3
- strawberry
- blueberry
- blackberry
- berry
"esser quam videri malo"aligning text
right
leftcenter
attaching an image (blog test)
the result is the one I can see.
mardi 13 novembre 2007
amusing yourself with sap and docmgr
wow, the next release of docmgr is really unstable, currently.
normal, we are about one year before the final release.
note for the ones who will follow: it's better to add your sap host to the %systemroot%\system32\drivers\etc\hosts file before trying to connect the sap connector
another one: the current setup doesn't include the Custom folder and its content, in the SAP connector package.
normal, we are about one year before the final release.
note for the ones who will follow: it's better to add your sap host to the %systemroot%\system32\drivers\etc\hosts file before trying to connect the sap connector
another one: the current setup doesn't include the Custom folder and its content, in the SAP connector package.
carotul
mieux demander a philippe qu'est que c'est un carotul
quand même, j'aurais aimé prendre 4 jours de congés payés! :'-o
hier en fait on s'est pacsé.
quand même, j'aurais aimé prendre 4 jours de congés payés! :'-o
hier en fait on s'est pacsé.
un lundi particulier
hier, à peu près à 1045, je me suis pacsé.
on a passé une très belle journée, moi et ma copine/compagne. on a terminé la journée au Wasabi, un très beau resto japonais juste à coté de chez nous. le petit paume avait raison.
je suis ravi. c'est tout.
on a passé une très belle journée, moi et ma copine/compagne. on a terminé la journée au Wasabi, un très beau resto japonais juste à coté de chez nous. le petit paume avait raison.
je suis ravi. c'est tout.
le rêve de cassandra #2
je voulais rajouter, trois jours après, que le film est très hitchcockien.
un gran directeurs de la photographie, bien sûr.
je veux retourner au comoedia tôt que possible. ils ont beaucoup de beau films, toujours.
un gran directeurs de la photographie, bien sûr.
je veux retourner au comoedia tôt que possible. ils ont beaucoup de beau films, toujours.
samedi 10 novembre 2007
Le rêve de Cassandre
un film qui te fait poser beaucoup de questions.
un film qui t'interroge à propos du destin. du destin à toi.
un film qui t'interroge à propos du destin. du destin à toi.
vendredi 9 novembre 2007
preoccupato dalla pubblica amministrazione
cavoli, quanti casini ed incertezze con la pubblica amministrazione. non so se ho tutto il necessario per qualcosa che sto per fare. non so se andrà bene, non ho modo di saperlo fino all'ultimo. inoltre, se non lo faccio adesso perderò l'opportunità di farlo, o dovrò buttare via qualche dindo inutilmente.
uffa!
cosa faccio? un pacs. in francia. io cittadino italiano. beh, d'altronde vivo qui da un anno con la mia compagna.
nouveau calendrier
Le nouveau calendrier est arrivé.
Punaise, cette année on n’aura pas le Jeudi de l’Acension. Mieux : Jeudi de l’ascension sera le 1er Mai. Donc, les 4 jours fériés de Mai seront seulement 3… Malheureux moi !
Je vote pour une nouvelle version du calendrier. Corrigé, aussi.
jeudi 8 novembre 2007
sapping
I have started my dive into SAP this afternoon.
BAPI, sales orders and invoices are becoming part of my life.
in the same time, temperature's growing in my office. it's strange: we are in november but there're still 27 degrees, in Villeurbanne.
BAPI, sales orders and invoices are becoming part of my life.
in the same time, temperature's growing in my office. it's strange: we are in november but there're still 27 degrees, in Villeurbanne.
langage à utiliser
non ho ancora scelto la lingua che userò per questo blog.
credo che ci si dovrà aspettare un po' di italiano, un peu de français, a bit of english.
je crois que je prefère le français pour l'instant.
credo che ci si dovrà aspettare un po' di italiano, un peu de français, a bit of english.
je crois que je prefère le français pour l'instant.
post by email: ça marche aussi?
s'il est plus twitter-like, je pourrais vite publier des post par email.
un test c'est necessaire, donc.
un test c'est necessaire, donc.
a twitter like blog?
salut, c'est un nouveau blog.
pas avec le même style du iagosbar.wordpress.com.
beaucoup plus informel.
beaucoup plus vite à écrire.
on essaye.
a+
pas avec le même style du iagosbar.wordpress.com.
beaucoup plus informel.
beaucoup plus vite à écrire.
on essaye.
a+
Inscription à :
Articles (Atom)