Where is .Net 1.2 ?

11 Comments

• I believe I read that a service pak for .net 1.1 is scheduled to come out this summer. I think that is a little too long since the release of 1.1.
  
  
  
  Wally
  

• Yeah right... XHTML compliance isn't exactly a "little" fix.
  
  
  
  RequestValidation will never be off by default, because it goes against their philosophy of "secure by default."
  

• I believe you were the one that thought it was extremely important to post general windows security updates. Why would you want to turn a security feature off by default?
  

• Good point Scott, but unfair. I don't call a feature which broke down my entire projects last year a security update.
  
  Microsoft should encourage security improvements but also should take care about their developers, who can spend some time fixing their mistakes.
  

• the time it takes to manually turn of the validation is very little compared to the potential security holes that it covers by default. I could understand your complaint if it were more than a 10 second fix.
  

• Totally disagree. If I want this feature off on some pages only it can take much more than 10 seconds (imagine something like 300 pages).
  
  Another problem I had last year was the common case where you have a Search textbox on top of each page of your project. Obviously you can't turned off this stuff at the control level so if I followed the rules I had no coice by turning off page by page or globally. Guess what I choose. I'm sorry to sounds mean, but Microsoft should sometime think that we are living in a real world where non technical users care more about what it's look broken than some nice new feature. I don't really want to start again the debate, but last year I remeber that a lot of developers were angry by this kind of unaware changes. Security yes but not at any cost.
  

• I totally agree that they should have better admitted this was a breaking change, but you can't dog MS for releasing insecure products and then complain that a security feature breaks your code. Yes, its a pain to have to deal with a new security feature that defaults to on, but that's the right approach finally. And as I recall, most of the people that were complaining about how their sites got broken were guilty of never testing their site with the new version -- oops. :)
  

• I agree with Paul. If you utilise test and staging servers, then this sort of thing wouldn't be an issue.
  
  
  
  If I deployed 1.1 onto live servers without first running through a test cycle, then I would be shot.
  

• Paschal,
  
  
  
  Sorry, but we (aka developers) can't have things both ways. MS has gotten beaten up over security. As a result, they try and make their products more secure and now you are upset that they have broken something you have written. So, do you want their products to be more secure? I agree with the others that say that request validation should be turned on. I also think that Option Explicit and Option Strict should be turned on in VB.NET by default, but I understand the why of not doing that.
  
  
  
  Wally
  

• Guys, how exactly is request validation going to make your products more secure? If you're not checking your inputs then request validation is not going to save you, no matter how much you'd wish it did.
  

• "If I want this feature off on some pages only it can take much more than 10 seconds (imagine something like 300 pages)"
  
  
  
  This is not the real world issue you had. Your issue was that you wanted it off completely so that it would not interfere with your existing site. That means you would make the change in the web.config (as you later admit you did, I think. I can't be sure because you say "Guess what I choose").