How to Prevent Form Forgery (CSRF) in the ASP.NET MVC Architecture

First, what is CSRF? CSRF is short for Cross-Site Request Forgery; put simply, it is a fake form that a malicious attacker creates with script in order to steal information. For details, see the explanation on the OWASP site: Cross-Site_Request_Forgery

In ASP.NET MVC, guarding against this problem is actually quite simple: just add @Html.AntiForgeryToken inside a Razor Ajax.BeginForm or Html.BeginForm, or even a plain traditional HTML form, and two tokens carrying the same value will be generated when the form is submitted. Continue reading “How to Prevent Form Forgery (CSRF) in the ASP.NET MVC Architecture”

[C#]The returned value of DataContext.ExecuteCommand when executing stored procedures.

In our project, SQL scripts (CRUD statements, specifically) are executed using the “DataContext” class in combination with LINQ to SQL,
and naturally, when the “ExecuteCommand” method is invoked, the returned value indicates the number of rows affected.

When the SQL command executed is simply an INSERT/UPDATE/DELETE, the result is as obvious as ever.
But when it comes to stored procedures, things might not be that simple. Continue reading “[C#]The returned value of DataContext.ExecuteCommand when executing stored procedures.”

A Brief Introduction to JavaScript Functions and Closure

I have been told that “closure” is considered an important concept in functional programming, so I did some study on this topic and would like to share it with you.

The outline is as follows:
1. Functions in JavaScript
2. What is a closure?
3. Implementations of closure

Continue reading “A Brief Introduction to JavaScript Functions and Closure”