While troubleshooting a site I'm developing, I noticed that a page was double posting. After a little brute force diagnostics, (comment everything out, bring things in one-at-a-time), I was able to isolate the issue.
My company has a couple of ImageButtons that are wired up as hover buttons. We have a control that you set the on & off images on and it does the rest. For some reason (Murphy's Law I suppose), we weren't sending out the ImageButton's ImageUrl as the off image. We just let the startup javascript assign that client side. This resulted in an input type=image form field with an empty src attribute being sent to the client. That seems benign right? Well it isn't...
If you have on your page one image field with a valid src attribute and another with no src attribute, IE interepts the src of the missing attribute to be the url of the current page and then IE will proceed to request the current page again in hopes of displaying an image for the missing scr attribute. Ouch right?
This means that if you have any control, image button, asp:image, etc on you site that is sending out src="", which you might not, IE will perform a double post to your page. Yes a double post and all form fields are sent, it is a full blown duplicate request. This means performance * .5...
This is easily tested in your ASP.NET application. All you need is a page with the following markup and a wired up Page_Load with a breakpoint on string Foo = "Bar";. Run the debugger an enjoy...
<img src="" /><img src="valid.jpg" />
Disclamier: I haven't tested to see if the non-blank src must be valid... When I say IE I have only tested IE7 and it fails. I did test Google Chrome and it did not create a duplicate request.
I realize that this might not be a big deal because I'm the only person out there sending out empty src attributes, but I thought I'd share the find.
Right now we have owners set to whoever creates the databases for most databases, but there are a few owned by sa. I'm thinking how great it would be to consolidate this. To this end, I've created a database owner domain account and added it as a SQL server login. The login only has the public server role. In a move common with things I typically do, going overboard, I have denied this accounts ability to connect to the server and disabled it.
So far things seem to be going smoothly. One thing to note is that if you are planning on using unsafe clr assemblies the owner will need to have unsafe permissions....
This seems like a fairly secure database owner setup to me. I mentioned it to someone and he asked if we just had a security problem... No, that's the point, we don't want one. What do you think?
If things work out, we'll be looking for a way to automatically set the owner. I'm guessing it'll need to be a server level trigger, because I don't see anything in model that let's you assign a default owner...
Feedback greatly appreciated.
I haven't posted in a long time and this isn't exaclty ground breaking content, but I saw this today and I can't help myself. To me this looks like a typo in the help file name. Perhaps I'm seeing something where there is nothing.
