Peticiones perdidas en Fiddler

En un proyecto se necesitaba llamar un servicio web desde el backend, luego de realizar la peticion, el servicio retornaba error. Para ver si era un posible error en con los encabezados o algun formato en la paticion se inicio el fiddler para capturar el trafico, pero este no estaba logrando mostrar la peticion a pesar de que desde el visual studio ya se habia configurado el proyecto para usar el fiddler como proxy. Tambien se noto que la peticion si era captura pero desaparecia inmediatamente

Buscando en internet se encontro un foro donde se recomdeba activar el modo Troubleshoot del fiddler el cual al parecer apagaba los filtros que pudiesen estar escondiendo la peticion

luego de activarlo y realizar nuevamente la peticion esta se pudo visualizar aunque aparecia tachada para indicar que sobre esa peticion habian filtros aplicados

'folder_name' not valid as filename in directory” in TortoiseSVN

When trying to check out a repository, You may get: 

This may be produced if your folder/file name has an empty space at the end of the file/name. The solution will be to rename the folder/file name via Repo-browser

Rename de folder/file

and it should be ok again

Hope it helps you, see you

Secure cookies of being accessed from javascript

Hi newbie guys, today i will show you how to secure cookies of being accessed from javascript. Website cookies by deafult are accessible from javascript hence they are vulnerable to a XSS attack.

Look, if type document.cookie on the browser console i get the current cookies an its values

If you want to secure your cookies of being accessed from javascript you can use de HttpOnly flag

If the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client side script (again if the browser supports this flag). As a result, even if a cross-site scripting (XSS) flaw exists, and a user accidentally accesses a link that exploits this flaw, the browser (primarily Internet Explorer) will not reveal the cookie to a third party.

If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie, the HttpOnly flag will be ignored by the browser, thus creating a traditional, script accessible cookie. As a result, the cookie (typically your session cookie) becomes vulnerable to theft of modification by malicious script

Now, here is the code:

java

Cookie cookie = getMyCookie("myCookieName");
cookie.setHttpOnly(true);

Web.config (.NET)

This one has the advantage that is applaied to all site cookies, not just the one explicity set

<system.web>
    <httpCookies httpOnlyCookies="true"/>
</system.web>

c#

HttpCookie cookie = new HttpCookie(key, value);

cookie.HttpOnly = true;

Now, our cookies are safer



I hope this help you

Publish Visual Studio proyect from command line

Maybe, you need to set up an automatic build-publish-deploy proccess therefore publishing a visual studio proyect from command line is a must. It can be done very easiley with the following command:


[path to msbuild] "[path  to .csproj file]" /p:Configuration=[Debug|Release|Other you created]  /p:DeployOnBuild=true /p:PublishProfile=[project publish profile name]

e.g.

C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild "%~dp0AppFolder/MyProject.csproj" /p:Configuration=Production /p:DeployOnBuild=true /p:PublishProfile=Production_Profile 


NOTE: Due i am using a .bat file to executie my command, i use the %~dp0 "trick" that is replaced with the current path of the .bat file achieving a portable "deployer" script

The trick.bat has the following code:

echo %~dp0 pause

The output wil be

Now, if you execute the .bat you will get something like this