Is an iframe still a good idea? - iframe

I have the requirement to be able to present a document on a website, in the browser. (not download it) and well the way I know to tackle this (without paying to third parties software) is an iframe, but that sounds like a really old practice.
I'm currently developing an application on Blazor and .net5 and sounds really wrong to put an iframe in there, can you guys provide me input for better practices or just your thoughts?
Edit
I'm trying to use them to present doc, docx, pdf and pngs in a Blazor application with .net5.

Honestly, after days of research, I'm trying to talk the team into the idea of creating an API dedicated to Docs, and as part of that effort would migrate documents to AWS S3 or azure blob storage.
We will introduce Aspose for rendering and separate the Issue.
Why? because all the solutions I have seen to support doc and Docx in .net5 are really hacky and I can see lacks in terms of security. And I would not recommend anyone to try to do the approach I was looking to do at the begging of this question.
I leave here what experience cause this research was pain and I hope this question can still help someone.

Related

Please advice about security issue when using bitbucket

I am new and I am not sure if this is a place to ask this question.
I developed a web site alone using wordpress framework.
Now, I got a guy who I don't know much to join me to develop the site. We live in different countries and we decide to use Bitbucket for code management.
I do not have any experiences in team working, Bitbucket.
My concerns are:
1. Do I need to upload both source code and database to Bitbucket?
Do you think he will just take all the source code and database and make his own website and become my competitor?
What should I be careful when working in a team? I mean sharing code.
I know maybe I am quite small-minded. I am worried about security problems.
But definitely, I need to have someone to work with me to develop the site.
Please advice and write any sources that are useful for this problem.
Thank you.
I'm not an expert in Wordpress, but the concept still applies:
Source code: yes. Database: no, only the database schema/ SQL scripts to recreate it.
Depends on his ethics. You should reach an agreement with him that guarantees that he won't do so, by writing a contract for example.
Take the following into consideration: coding standards, conventions are followed in naming variables, pages, urls, etc, repository privacy is set correctly, repository privileges are distributed to enable the contributors to do only what they're supposed to do.
I'll leave the rest to you and other fellows on this website to figure out depending on your experience :)

Umbraco alternative?

I've been trying to learn how develop websites with ASP.NET as well as setup a personal website to use as a online porfolio/resume. With my website I've decided to not try to reinvent the wheel and thus decided to use a premade ASP.NET based CMS.
After reading a lot of reviews I settled on Umbraco, but now I'm seeking out alternatives. I like Umbraco a lot but I keep running into problems. Since installing it on my host I haven't made any changes through the file system, or database directly. All changes have been through the admin site. Yet somehow I kept getting it into some state where I could not delete a datatype, and now I'm having problems removing or renaming one of my templates. I've searched for Umbraco forums for solutions and usually find that I have to run some SQL script workaround on the database to clean things up. This kind of thing is really not something I want to fiddle with for my personal site.
Has anyone else had a lot of problems with Umbraco like I have? Are there other free CMS systems out there that are more reliable, yet similar to Umbraco? Specifically I really like how Umbraco gives me total control over the HTML generated by my site. Simple is also better in this case. I'm not trying to create some kind social network/community portal/forum/blog site. There won't be multiple people logging onto this site or anything like that.
I've been reading a bit about N2, which I'm now starting to consider. I like that it's more developer based and that you setup page types through real .NET classes in Visual Studio. Again I don't want to attempt to build my own CMS from scratch, but at the same time I really don't like how hard it is to see what's going on under the hood with most other CMS systems.
I haven't used N2 so I can't comment on that, but alternatives you can consider are Orchard or FunnelWeb, both are on MVC 3 and Razor.
If you're wanting a blog that is mostly just a blog then FunnelWeb is a good option.
I'm currently writing a comparison between Orchard and Umbraco if you're interested as well.
I think you'll be happy you stuck with Umbraco. I was so frustrated with Umbraco when I first started working with it for the exact reasons you stated above. The issue with not being able to delete data types could mean that it's connected to something (IE: document or media type) somewhere and if you force delete it (IE: via the db) you could really mess up your install. <- speaking from experience.
I'm absolutely in love with Umbraco now though. I am completely confident that I can build just about anything I need with it now.
I think that my best piece of advice I can pull from my own experience is make sure that you've got your site architecture planned out thoroughly before starting to build it out in Umbraco. You don't want to be fiddling around in there afterward changing things and that's where you can really get yourself into some hot water.
Have fun!
if you want a minimal .net mvc4 cms with good performance check out puck https://bitbucket.org/yohsii/puck/overview
it adds very few concepts on top of what you need to know for .net mvc but it does require .net4.5 (and therefore VS2012) to work with.
it also uses localdb out of the box but if you don't want to install that just attach the database mdf file to regular sql server and change the connection string

Example of a very insecure ASP.NET application

I am looking for a very insecure ASP.NET application. Ideally i'm looking for an application that was written by a noob who has made a lot of security mistakes. If the app has a MS-SQL back-end that would be a bonus. I know of two cool projects for PHP and J2EE which fill my needs. Do you know anything like this for ASP.NET?
Hacme Bank is a pretty good example from Foundstone of what not to do. It's an older example, written in .NET 1.1 against SQL 2000, but covers most of the common vulnerabilities found in web applications.
I know one... there's a business near where I live, and I refuse to join their loyalty program because I accidentally stumbled across a SQL injection vulnerability on their site. I can't tell you who it is though, because they're a real business and I'm sure they don't want your students to hack them.
Why not write your own? Maybe start a codeplex project called LearnSecurity, which has a combination of pages - some which use bad security practices and some which don't.
Yes, as Rob suggested ... you could make a couple of pages ... on the first get the input from a field and execute it against the database :) On the second, just get some text from the db that contains javascript alert or something and render it directly on the page :) Just an idea ...
You can search the vulnerabilities databases, like NISTs one.

Framework /starting point for social networking site in .NET?

I did do some googling and searching on this site but did not find exactly what I was looking for.
I'm hoping that someone can point me in the right direction here. I'm an ASP.NET/SQL Server developer and would like to develop a (intially) basic social networking site (gasp). Before I start from scratch with a blank solution in ASP.NET, I'm wondering if there are any frameworks out there ASP.NET specific that would serve as a good starting point. I'm already thinking of using the Google Maps jquery control for my Google Maps integration, as well as the 'sharethis' control for my social networking website sharing integration. Captcha for human authentication... But other than that I'm not sure what I can leverage... Nothing on Google jumped out at me on my search terms.
I'm also wondering if anyone else has done something similar and could share their post mortem/war stories with me.
I'm also open to learning a new platform/language if it would mean saving time - my experience is mostly in ASP.NET, so that is what I plan on using if it makes the most sense. My initial requirements are basic and realistic - profile setup (images, information, etc.), 'group' creation, Google Map integration, calendar controls shared by groups, SMS support, discussion forums among groups, searching for groups, OpenID integration most likely, etc. I am not going to try to build the entire site and then release it, but take baby steps and release pieces of functionality at a time.
Any advice is greatly appreciated for a broad question such as this. Thanks again.
I've found DotNetOpenAuth which seems to be a nice API for handling OpenID for ASP.NET web forms. They also have an ASP.NET MVC version
I also found MS Web Platform. This looks like some good stuff. Anyone ever use it and think it would do well for this sort of app?
I found a library for DotNetNuke called ActiveSocial. It's priced right ($500) and has more than the features I need but lacks some. I wonder if anyone here has ever used AS before. Is DNN easy to extend so I can add Google Maps functionality and such? It doesn't say anywhere on snowcovered (the vendor that sells AS) if AS comes with the source. If it didn't, then I might be screwed because I wouldn't be able to integrate the functionality I want.
I went through this exercise about 15 months ago when I built a SNS for a client. Hoping to find some basic framework for Friends, Chat, Profiles etc I was pretty disappointed.
That said, in retrospect I wish rather than building one that we would have purchased a solution like Community Server. As with most projects I looked at the problem scope with beer, no strike that, ambitious goggles on and the level of work to cover all the edge cases was more than I imagined.
Tread careful my friend, tread careful.
I think this is what you're looking for. Kigg is an open source ASP.NET MVC app that would be a good starting point for what you want. Here is the url: http://www.codeplex.com/Kigg
You can also find a site that is using this here: http://dotnetshoutout.com/
At the very least you will learn the ASP.NET MVC framework which is fantastic.
While not exactly intended to be used for social networking sites, both of these frameworks can help you so you don't have to start from scratch:
DotNetNuke: http://www.dotnetnuke.com/
Umbraco: http://umbraco.org/
Also, for an out of the box solution (no code involved) you could always try this: http://www.ning.com/
Good luck!

Playing video on a dynamic website

Hi I am currently designing a website for a client - the site will be written in asp.net with a cms built in. My client has come back saying he wants to play mp4s on the site - plus being able to embed some other videos from youtube, vimeo etc.... in his blog - I have managed to convice my client that playing .flv would be better for obvious reasons (which he has agreed is OK). but when I went back to my coder, he said that because of the fact its a dynamic site that it will take 2 days to get this working (in terms of creating the mechanics to allow my client to up load his movies etc.....)
Is this correct - as my client is under the impression that it should be a simple thing to do - while my coder tells me that its not that simple.
I am in the middle of all of this - can you help please!!!!
At the end of the day only the coder you are using knows exactly how much effort is required here. You have to trust them. This almost certainly not trivial. Make sure you and the coder understand exactly what's being asked for here and that neither of you are assuming anything about how the client expects it to work.
Is your client a programmer? Non-programmers should never dictate how long a programming task should take.
If you're cowboy coding without testing "today" would probably suffice, but any sane and professional development shop would never let this happen.
Now let's clarify what your client really told you to do:
Your dev seems to be assuming that he has to support adding/uploading videos from your CMS.
If your dev is going to use a 3rd party API like YouTube, 2 sounds reasonable. If you're going to serve it on your own site, it'd take at least a week's worth of programming to make sure your site can take such a heavy load of streaming data -- it's stupid, not to mention highly irresponsible, to assume it could be worked out in a day.
Now, if you're client is only really talking about embedding videos in blog entries or articles, that's a very trivial task: YouTube, Vimeo and other video sharing sites already supply the HTML embed code that's needed to display a video on a page. In fact that's a zero effort task assuming that your blog entry editor properly parses the embed code, or has an Edit HTML feature.
So, which one is which?
This might be a good occasion to use the <video> tags. It might simplify things at the cost of only supporting users with recent browsers.
Two days is a quite optimistic estimate for all that you've mentioned. Maybe for embedding YouTube videos only, but for upload/storage/streaming of videos on the local server it's a different thing entirely.
But if you don't understand programming yourself, then you have to trust the expert that you've hired to do the job for you, and you have to tell the client that is how long it will take. The fact is that these things aren't trivial to write, there's the front end website management interface that needs creating, and the back end server software that manages what to do with the uploaded file. Never mind integration and making sure it's easy for the client to run a workflow of upload file, incorporate that video inside some content in the CMS, and so on.
I just recently did this, you need to get videoLan http://www.videolan.org/
This streams mostly anything, after you set up a streaming site it's easy!

Resources