May 6, 2010

Breaking changes in SmtpClient in .NET 4.0

In .NET 4.0 the SmtpClient class now implements IDisposable. This is a breaking change what you should watch out for. For .NET 4.0 the BCL team decided to pool SMTP connections, just as .NET already did with database connections. This of course means that the SmtpClient class should implement IDisposable, just as the SqlConnection does. When STMP connections are pooled, the overhead over establishing a new connection is lowered, which is a good thing.

May 5, 2010

Protecting against Regex DOS attacks

Bryan Sullivan describes in the May issue of his MSDN article a denial of service attack that abuses regular expressions. As Bryan explains, a poorly written regex can bring your server to its knees. Bryan demonstrates that even the simplest regular expressions can bring your server to its knees. Here are some examples of regular expressions that can easily cause this to happen: ^(\d+)+$ ^(\d+)*$ ^(\d*)*$ ^(\d+|\s+)*$ ^(\d|\d\d)+$ ^(\d|\d?)+$ Read more about the causes and the cures here.

May 23, 2009

Protecting against XML Entity Expansion attacks

Tom Hollander describes on his blog a denial of service attack I never knew the existence of, called XML Entity Expansion attack. Tom explains how to bring a server to its knees when allowing any type of xml document as input and passing it directly to an XmlDocument for parsing. Tom uses the following XML document of less than 1 KB to demonstrate the attack: <!DOCTYPE foo [ <!ENTITY a "1234567890" > <!

November 1, 2008

The death of LINQ to SQL

The Microsoft ADO.NET team blog made an important announcement yesterday about the future of LINQ to SQL. The ADO.NET team announced that Microsoft will continue to make some investments in LINQ to SQL, but they also made it pretty clear that LINQ to Entities is the recommended data access solution in the future frameworks. Microsoft will invest heavily in the Entity Framework. I always wondered why Microsoft focused on two different O/RM technologies for the .

November 22, 2007

ReadOnlyDictionary

This article describes an implementation of a ReadOnlyDictionary<TKey, TValue> that’s missing from the .NET framework. UPDATE 2012-06-05: .NET 4.5 will (finally finally!!) contain a ReadOnlyDictionary<TKey, TValue>, which will make this post (that has long be my top most googled article) finally redundant. If you’re still developing under .NET 4.0 or below, please read on. UPDATE 2013-04-11: Software license notice: I previously released this under the MIT license, but decided to change this.

May 23, 2006

.NET Backwards compatibility, why should we?

Microsofts corporate vice present of the Developer Division, Somasegar, wrote on his weblog about the backwards compatibility of the .NET framework version 2.0. But his readers doubt the usefulness of this compatibility, as do I. UPDATE 2010: This post was written in 2006. During the last couple of years I worked for many clients and found that the backwards compatibility of .NET was very important for many of my clients, because it allowed them to migrate slowly from one version to the next without making very big investments.

May 10, 2006

Welcome to my blog

Hi everybody, welcome to my blog! This blog will be a place where I share my random thoughts about ASP.NET, C# and everything related to it. I will post code snippets and links to interesting other blogs. Comments