Showing posts from May, 2015

Beware where you are POSTing!

Recently I had the pleasure of working with Highcharts, a JavaScript library for creating dynamic diagrams. Recommended!

The client also wanted the ability to download the data that is used in the diagrams as a CSV file. A quick look through the documentation showed that Highcharts supports this scenario. There are multiple ways to do this, but the one I've seen the most involves POSTing your diagram data to a page that resides within the Highcharts domain.

That csv.php page only adds the headers to create a download:
This means that if you use this construction, all your diagram data will be passed to a page that is under the control of Highcharts. Remember, I'm not claiming that Highcharts will do anything malicious with your data!
On the contrary, Highcharts even advises in their documentation that you should create your own page if you don't want to expose your data. Not to mention that they explicitly tell you that the page could disappear at any moment.

However, a qu…

Small tip: use QueueBackgroundWorkItem for asynchronous work in ASP.NET

This is a small tip that I'm mainly publishing as a reminder to myself, but it could come in handy for someone else.

Background processing tasks in ASP.NET are hard. At any time IIS could decide to recycle the application pool. The usual solution is to farm out these tasks to an (Azure) queue and let some other machine (for example an Azure worker role) process that queue.

However, with ASP.NET 4.5.2 Microsoft introduced the QueueBackgroundWorkItem method. This makes it possible to create small background processing tasks within the application lifecycle context.

See the following (extremely simple) example:

A task started this way will only delay the recycling of the app pool for 30 seconds. So you need to complete your work within those 30 seconds. If not, the task will be killed. You need ASP.NET 4.5.2.
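An added example (not the original post's code, which is missing from this page) showing QueueBackgroundWorkItem together with the cancellation token that is signalled when the application starts shutting down. The controller, `SendReportAsync` and `reportId` are hypothetical names, and ASP.NET MVC is assumed.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Hosting;
using System.Web.Mvc;

public class ReportController : Controller
{
    [HttpPost]
    public ActionResult Send(int reportId)
    {
        // Typed explicitly so the Func<CancellationToken, Task> overload is chosen.
        Func<CancellationToken, Task> work = ct => SendReportAsync(reportId, ct);

        // Registers the work with the ASP.NET runtime, so a recycle is delayed
        // (for up to 30 seconds) instead of the work being dropped silently.
        HostingEnvironment.QueueBackgroundWorkItem(work);

        // 202 Accepted: the work continues after the response has been sent.
        return new HttpStatusCodeResult(202);
    }

    // Hypothetical work item: processes a report in small steps.
    private static async Task SendReportAsync(int reportId, CancellationToken ct)
    {
        try
        {
            for (int step = 0; step < 10; step++)
            {
                // Check between steps so shutdown is noticed within the grace period.
                ct.ThrowIfCancellationRequested();
                await Task.Delay(TimeSpan.FromSeconds(1), ct); // stands in for real work
            }
        }
        catch (OperationCanceledException)
        {
            // Shutdown began: record where we stopped so the work can be retried later.
            Trace.TraceWarning("Report {0} interrupted by app shutdown", reportId);
        }
    }
}
```

Work that must not be lost, or that can run longer than the 30-second window, still belongs on a queue processed by another machine, as described above.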
See for more detail the following links:…