Tue, 10 Nov 2009 04:04:14 Zhttp://msdn.microsoft.com/en-us/library/ms533046(VS.85).aspx#CommunityContent<b>Tags:</b> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=xmlhttprequest'>xmlhttprequest</a> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=firefox'>firefox</a> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=cookies'>cookies</a> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=httponly'>httponly</a> <br /><br />While HttpOnly does get folks further down the path of secure web applications, it is not foolproof due to the current browser implementations. Perhttps://bugzilla.mozilla.org/show_bug.cgi?id=380418#c91, looks like there was an attempted fix for IE7 and FF is following suit per status change today. Other browsers are still vulnerable to reads in the response of XmlHttpRequest. Something to be aware of while/until browsers patch this. Note that this isn't restricted to "older" browsers (i.e. ChrThu, 05 Mar 2009 05:57:23 -0800http://msdn.microsoft.com/en-us/library/ms533046(VS.85).aspx#CommunityContent<b>Tags:</b> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=cookie'>cookie</a> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=xmlhttprequest'>xmlhttprequest</a> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=firefox'>firefox</a> <a href='http://msdn.microsoft.com/en-us/library/Tags-Cloud.aspx?tag=httponly'>httponly</a> <br /><br />Firefox 3.0.6 addresses the bug 380418: http://www.mozilla.org/security/announce/2009/mfsa2009-05.html - XMLHttpRequest allows reading HTTPOnly cookiesThu, 05 Feb 2009 08:11:05 -0800http://msdn.microsoft.com/en-us/library/kx54z3k7(VS.85).aspx#CommunityContent The following: CultureInfo ci = new CultureInfo("sr"); Console.WriteLine(ci.NativeName); will throw an exception depending on the build/version of .NET 1.1 you have installed. If you had the original RTM (1.1.4322.573) or a later build (1.1.4322.985), you will have to upgrade to (1.1.4322.2300) to prevent this exception from occuring. This issue was first called out in a blog entry. For more details, please reference: http://geekswithblogs.net/yowhann/archive/2007/01/13/103Sat, 13 Jan 2007 20:55:25 -0800http://msdn.microsoft.com/en-us/library/dc6bdt5e(VS.85).aspx#CommunityContent If you would like the best of both worlds (i.e. using a linked list for small lists and using a Hashtable for large lists), consider using HybridDictionary. If you examine a the HybridDictionary class using Reflector, you will see that it does a "ChangeOver" at a specified size. See a more detailed description at: http://geekswithblogs.net/yowhann/archive/2006/11/28/99299.aspx . Thu, 28 Dec 2006 03:41:50 -0800http://msdn.microsoft.com/en-us/library/kx54z3k7(VS.85).aspx#CommunityContent There is an issue with retrieving NativeName of the CultureInfo zh-MO in .NET 1.1. The documentation on this page (stating that zh-MO is Traditional Chinese) matches the behavior for .NET 2.0. However, in .NET 1.1, NativeName returns Simplified Chinese instead of Traditional Chinese. This issue was first pointed out in a blog entry which can be found at: http://geekswithblogs.net/yowhann/archive/2006/11/19/97576.aspx Thu, 28 Dec 2006 03:11:14 -0800