Had an interesting discussion with blowmage (Mike Moore) over Twitter. I said that having the “param1/param2” pattern in the ASP.NET MVC made me itchy from a security standpoint. He replied:
Eh, just don’t add them to the URL. The ASP.NET MVC assumes you know what you are doing. I’m sick of frameworks babysitting me.
I replied:
and yet [...]
There is a lot of emphasis in the web development world on making URLs “pretty” and, more importantly, discoverable. While there isn’t anything wrong with wanting URLs that human beings can read and understand, web developers need to understand that the query string is an entry point into your application if you are passing values in [...]
All of the latest Rails/Twitter performance brouhaha made me think about some advice I got a long time ago and that I dish out whenever someone asks me about some performance concerns they have with their code.
Nothing else matters once you hit the disk. Once you do any kind of activity that involves reading/writing to [...]
Jon Lam has done some interesting work integrating Ruby and .NET using interop. I asked him about being able to put a Ruby/Rails front end onto an existing ASP.NET framework. What I meant was calling your existing .NET business logic assemblies from a Rails app, but he rightly raised the threading issue. .NET does threading, [...]