http://weblogs.asp.net/bleroy/archive/tags/IIS/default.aspxTags: IISenCommunityServer 2007 SP1 (Build: 20510.895)http://weblogs.asp.net/bleroy/archive/2008/06/25/new-tools-to-prevent-sql-injection-attacks.aspxWed, 25 Jun 2008 17:00:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:6319353Bertrand Le RoyBertrand Le Roy0http://weblogs.asp.net/bleroy/rsscomments.aspx?PostID=6319353http://weblogs.asp.net/bleroy/archive/2008/06/25/new-tools-to-prevent-sql-injection-attacks.aspx#comments<P>I've <A class="" href="http://weblogs.asp.net/bleroy/archive/2004/08/18/please-please-please-learn-about-injection-attacks.aspx" mce_href="http://weblogs.asp.net/bleroy/archive/2004/08/18/please-please-please-learn-about-injection-attacks.aspx">blogged in the past about injection attacks</A>. Microsoft publishes additional new tools to detect and protect against injection attacks. The first tool, developed by HP, crawls web sites to automatically detect possible attacks, the second blocks dangerous requests from being executed, and the last one analyzes code to look for dangerous practice.</P> <P><A title=http://www.microsoft.com/technet/security/advisory/954462.mspx href="http://www.microsoft.com/technet/security/advisory/954462.mspx" mce_href="http://www.microsoft.com/technet/security/advisory/954462.mspx">http://www.microsoft.com/technet/security/advisory/954462.mspx</A></P><img src="http://weblogs.asp.net/aggbug.aspx?PostID=6319353" width="1" height="1">ASP.NETMicrosoftIISSecurityInjectionhttp://weblogs.asp.net/bleroy/archive/2008/06/20/generating-thumbnails-in-asp-net-dotnetslackers.aspxFri, 20 Jun 2008 23:06:07 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:6301207Bertrand Le RoyBertrand Le Roy2http://weblogs.asp.net/bleroy/rsscomments.aspx?PostID=6301207http://weblogs.asp.net/bleroy/archive/2008/06/20/generating-thumbnails-in-asp-net-dotnetslackers.aspx#comments<p>I just published a <a href="http://dotnetslackers.com/articles/aspnet/Generating-Image-Thumbnails-in-ASP-NET.aspx">new article</a> on <a href="http://dotnetslackers.com">DotNetSlackers</a>. The post is about generating scalable and secure image thumbnails.</p> <p><a title="http://dotnetslackers.com/articles/aspnet/Generating-Image-Thumbnails-in-ASP-NET.aspx" href="http://dotnetslackers.com/articles/aspnet/Generating-Image-Thumbnails-in-ASP-NET.aspx">http://dotnetslackers.com/articles/aspnet/Generating-Image-Thumbnails-in-ASP-NET.aspx</a></p><img src="http://weblogs.asp.net/aggbug.aspx?PostID=6301207" width="1" height="1">ASP.NET.NETIIShttp://weblogs.asp.net/bleroy/archive/2008/01/25/improving-php-by-running-it-in-iis.aspxFri, 25 Jan 2008 20:13:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:5651792Bertrand Le RoyBertrand Le Roy4http://weblogs.asp.net/bleroy/rsscomments.aspx?PostID=5651792http://weblogs.asp.net/bleroy/archive/2008/01/25/improving-php-by-running-it-in-iis.aspx#comments<P><A href="http://blogs.msdn.com/mvolo/default.aspx" mce_href="http://blogs.msdn.com/mvolo/default.aspx">Mike Volodarsky</A> wrote a <A class="" href="http://msdn.microsoft.com/msdnmag/issues/08/01/PHPandIIS7/default.aspx" mce_href="http://msdn.microsoft.com/msdnmag/issues/08/01/PHPandIIS7/default.aspx">fantastic article</A> in the <A class="" href="http://msdn.microsoft.com/msdnmag/issues/08/01/default.aspx" mce_href="http://msdn.microsoft.com/msdnmag/issues/08/01/default.aspx">January 2008 issue of MSDN magazine</A> in which he explains how you can take an existing PHP application (he uses <A href="http://qdig.sourceforge.net/Qdig/AboutQdig" mce_href="http://qdig.sourceforge.net/Qdig/AboutQdig">QDig</A>, a popular image gallery) and improve it without touching a line of its code. This is a great demonstration of the power of <A href="http://www.iis.net/default.aspx?tabid=1" mce_href="http://www.iis.net/default.aspx?tabid=1">IIS 7</A>'s <A href="http://www.iis.net/articles/view.aspx/IIS7/Explore-IIS7/Getting-Started/Introduction-to-IIS-7-Architecture?Page=3" mce_href="http://www.iis.net/articles/view.aspx/IIS7/Explore-IIS7/Getting-Started/Introduction-to-IIS-7-Architecture?Page=3">modular and pluggable architecture</A>. <A href="http://blogs.msdn.com/mvolo/default.aspx" mce_href="http://blogs.msdn.com/mvolo/default.aspx">Mike</A> was able to add the following features to this PHP application using only <A href="http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Developing-a-Module-using--NET/Developing-a-Module-using--NET" mce_href="http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Developing-a-Module-using--NET/Developing-a-Module-using--NET">managed code modules</A> and configuration:</P> <UL> <LI>Access control using the <A href="http://msdn2.microsoft.com/en-us/library/yh26yfzy.aspx" mce_href="http://msdn2.microsoft.com/en-us/library/yh26yfzy.aspx">ASP.NET membership APIs</A>.</LI> <LI><A href="http://msdn2.microsoft.com/en-us/library/aa480476.aspx" mce_href="http://msdn2.microsoft.com/en-us/library/aa480476.aspx">Forms authentication</A>.</LI> <LI>Pretty URLs (http://myphpgallery/index.php/Mike/Flower.jpg instead of the default <A href="http://myphpgallery/index.php?Qwd=./Mike&amp;Qif=Flower.jpg" mce_href="http://myphpgallery/index.php?Qwd=./Mike&amp;Qif=Flower.jpg">http://myphpgallery/index.php?Qwd=./Mike&amp;Qif=Flower.jpg</A>) and rewriting of all URLs that are generated by the application to be pretty.</LI> <LI><A href="http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Optimizing-Performance/Using-Output-Cache/IIS7-Output-Caching" mce_href="http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Optimizing-Performance/Using-Output-Cache/IIS7-Output-Caching">Output caching</A> (which is a feature <A href="http://www.zend.com/en/products/platform/" mce_href="http://www.zend.com/en/products/platform/">Zend charges for</A> but that comes with IIS), leading to a whopping &gt;15x improvement in throughput over the already performant <A href="http://mvolo.com/blogs/serverside/archive/2007/05/29/The-latest-on-the-FastCGI-project-and-PHP-support-on-IIS.aspx" mce_href="http://mvolo.com/blogs/serverside/archive/2007/05/29/The-latest-on-the-FastCGI-project-and-PHP-support-on-IIS.aspx">FastCGI</A>.</LI></UL> <P>It really is amazing that you can add such complex features to an existing web application without touching its code. It is also super-simple to do. It looks very much like aspect-oriented programming if you think about it, only it's easy to set-up and understand.</P> <P>The only thing I'd have liked to see and that isn't in the article is a comparison between the performance of the application on a LAMP setting with Zend's platform configured and the performance of the same application with Mike's improvements on IIS.</P> <P><A title=http://msdn.microsoft.com/msdnmag/issues/08/01/PHPandIIS7/default.aspx href="http://msdn.microsoft.com/msdnmag/issues/08/01/PHPandIIS7/default.aspx" mce_href="http://msdn.microsoft.com/msdnmag/issues/08/01/PHPandIIS7/default.aspx">http://msdn.microsoft.com/msdnmag/issues/08/01/PHPandIIS7/default.aspx</A></P><img src="http://weblogs.asp.net/aggbug.aspx?PostID=5651792" width="1" height="1">ASP.NET.NETPHPIIS