Share What We Say

Filter by:


Speaking at UTN: Security Stack for Modern Applications

Leandro Boffi - Mon, 2014-12-01 16:35

Next December 19 I will be closing the year speaking about Security Architectures for modern applications at Argentine National Technological University in Buenos Aires.


The National Technological University (Spanish: Universidad Tecnológica Nacional, UTN) is a country-wide national university in Argentina, and it’s considered among the top engineering schools in the country, so It is a great honour to be invited to speak there.

On my talk I will covering Token-based Authentication scenarios for Single Page and Mobile Apps, access delegation with OAuth 2.0 and Identity Federation with OpenId Connect, as well of having fun teaching how to hack bad implemented sites.

As part of the conference, named Summer.js, other very interesting talks will take place about topics like Angular.js, React, Phonegap, Cordova and Ionic Framework.

If you are on Buenos Aires at that time I hope to see you there! Sign-up here!

Categories: Blogs

do not version urls

Pablo Blog - Mon, 2014-10-20 18:21

Versioning the Web API URL is probably one of most common choice among developers. Well-known APIs such as Twitter, Github or Facebook use this approach, but it does not mean it’s the best way to do things. It presents some of the issues discussed below.

  • A new version number represents a new set of resources. If you have to create a new version to introduce a breaking change in one resource, that change expands to all the resources.

For example. You have two resources /orders and /customers. You need to introduce a new version to accommodate an schema change in orders. That implies adding a new version number in the URL for v1/orders and v1/customers. Although customers is still the same resource, it’s now referenced as a new resource v1/customers.

  • It’s hard to introduce backward compatibility changes. You might want to introduce improvements or changes that new clients can use without affecting existing ones. You can create a new version number for this, but it will represent some unnecessary overhead. Existing clients won’t be affected by the change so creating a new version does not seem to be right. Also, you will not want to keep the same version number as you will want clients to know which specific version they are targeting.

  • It does not go along with the idea of introducing incremental changes. A new version number usually represents a major release. If you want to make those changes public as they become available, you need a new version number. However, you won’t want to create v1, v1.1, v1.2 for the overhead discussed in #2.

A better approach for versioning.

Use an http header to specify version. If no http header is specified in the request message, stick to the latest version.

1 2 3 /orders accepts-version: 1.0 content-type: application/json

The “accepts-version” header represents the version the client can understand. If some changes were introduced in the resource representation that won’t affect the client, the service might be able to return it. Let’s say that you now have a new version 1.3 for /orders, which only contains backward compatibility changes. The server can return a header to inform that.

1 2 /orders version: 1.3

The client will know a new version exists, which is also compatible with 1.0 so it can optionally upgrade to it. This approach also works for fine for dynamic languages or schema-less types like json.

For embedded URLs or browser support, the http header can be replaced by an optional query string parameter ?accepts-version or ?v to make it shorter.

Categories: Blogs

Don't Inject Markup in A Web Page using Document.Write

Professional ASP.NET Blog - Tue, 2013-06-04 15:33
Look around just about every consumer facing site you visit these days has a third party script reference. Just about everyone uses Google Analytics and if you are like a former client of mine you have it and 2 other traffic analysis service scripts injected...(read more)
Categories: Blogs

Sending a Photo via SMS on Windows Phone

Professional ASP.NET Blog - Thu, 2013-05-30 03:01
Smartphones are awesome. They are the modern Swiss Army Knife because they do so much. One of the most important features in my opinion is taking photos. My Nokia Lumia has one of the best cameras available in a Smartphone and I like to use it all the...(read more)
Categories: Blogs

You Don't Need Windows To Test Your Web Site in Internet Explorer

Professional ASP.NET Blog - Wed, 2013-05-29 17:25
I know the majority of developers reading my Blogs are typically ASP.NET, enterprise developers. This means they develop on a Windows machine using Visual Studio most of the time. However in the broad market most modern web developers work on a MAC or...(read more)
Categories: Blogs

Using The New Git Support in WebMatrix 3

Professional ASP.NET Blog - Sun, 2013-05-26 15:19
WebMatrix is probably my favorite web development IDE because it is so simple and easy to use. Sure I use Visual Studio 2012 everyday and it has probably the best web development features available on the market. I also really dig Sublime. WebMatrix is...(read more)
Categories: Blogs

Publish to Directly To Azure Web Sites With WebMatrix

Professional ASP.NET Blog - Wed, 2013-05-01 20:39
WebMatrix is one of my favorite development tools because it really allows me to focus on what I love to do most, build modern web clients. It is a free Web IDE available from Microsoft and today they released version 3 for general availability . There...(read more)
Categories: Blogs

17000 Tweets in 365 Days - Not Too Many To Be Annoying

Professional ASP.NET Blog - Tue, 2013-04-30 14:29
What the heck was I thinking? Why did I do it? What did I learn? How did I do it? These are all things I have asked myself and others have asked me over the past year. It sounds like an odd labor to undertake and such an odd number. But yes I did 17,000...(read more)
Categories: Blogs

Introducing ToolbarJS - A HTML5 JavaScript Library to Implement the Windows Phone AppBar Functionality

Professional ASP.NET Blog - Sun, 2013-04-28 12:03
Back in February I released deeptissuejs , a HTML5, JavaScript touch gesture library. In January I release panoramajs a HTML5, JavaScript library to implement the basic Windows Phone panorama control experience. This month I am excited to release another...(read more)
Categories: Blogs

HTML5 and CSS3 Zebra Striping - Look Ma No JavaScript

Professional ASP.NET Blog - Mon, 2013-04-22 11:36
It was 5 maybe 6 years ago when I first started learning jQuery. One of the first things I did was order the jQuery In Action book . If you have read that book you should remember one of the first examples given, zebra striping a table. To me this example...(read more)
Categories: Blogs

Listen to Me Talk to Carl & Richard about the Surface Pro, Mobile Development and More

Professional ASP.NET Blog - Thu, 2013-04-18 11:53
A few weeks ago I got to sit down and chat with the DotNetRocks guys about a variety of topics. The initial premise for the interview was to talk about the Surface and why I love it so much. I think we got into some great tangents right from the start!...(read more)
Categories: Blogs

Why Its Time to Sunset jQuery

Professional ASP.NET Blog - Sun, 2013-04-14 14:15
I owe so much to John Resig and the jQuery team for creating such a wonderful framework. I have staked most of my recent career on jQuery the way I staked my career on ASP.NET back in 2001. I have built many applications using jQuery over the past five...(read more)
Categories: Blogs

The Good and Bad For - Helping it Scale With Web Performance Optimization

Professional ASP.NET Blog - Fri, 2013-04-12 13:30
BitCoin seems to be latest rage with wild value fluctuations. The past few days have seen a very wild roller coaster for the online currency. Most of the world's BitCoins are exchanged at , which has had some issues either with a denial of service...(read more)
Categories: Blogs

HTML5 Is Ready For the Big Time, Are You?

Professional ASP.NET Blog - Sun, 2013-04-07 02:11
Much has been said and 'debated' in recent years about the viability of HTML5. It should be obvious where I stand if you read my Blog or talk to me in person. HTML5, CSS3 and JavaScript are certainly ready and have been for a while. The big problem, as...(read more)
Categories: Blogs

Use a DataList element for an HTML5 Auto Complete Experience

Professional ASP.NET Blog - Mon, 2013-03-25 17:11
Guided user input is almost always a good idea when architecting a data entry experience. You want to help the user avoid potential mistakes. With on screen, mobile keyboards you want to reduce the keystrokes required to enter data and at the same time...(read more)
Categories: Blogs

Why I Think Microsoft Should Buy Barnes & Noble

Professional ASP.NET Blog - Tue, 2013-03-05 17:54
One of the topics discussed recently on Windows Weekly was Barnes and Noble's financial issues . During the discussion Mary Jo Foley mentioned the idea of Microsoft buying the retail chain. She mentioned it would give them, a sizable retail presence....(read more)
Categories: Blogs

More Than A Week With The Surface Pro - Very Happy

Professional ASP.NET Blog - Mon, 2013-02-25 21:02
Valentine's morning I gave myself a gift I had been wanting for quite some time, a 128GB Surface Pro . Acquiring my Surface may have been the most cumbersome task I have ever done to purchase a product, and I got a dozen Furby's when they were...(read more)
Categories: Blogs

Deeptissue.js A Gesture Library For the Modern Web

Professional ASP.NET Blog - Tue, 2013-02-19 16:13
Today I am announcing Deeptissue.js , a library to make life easier for developers in the modern world. The inspiration for this library is rooted in my selfish need to have something that would bridge the gap between the WebKit Touch API , Internet Explorer's...(read more)
Categories: Blogs

Import BizTalk binding file sets incorrect pipeline

Leandro Blog - Wed, 2013-02-13 20:56

I thought would be better to show rather explain so there you go


Categories: Blogs

A Subtle CSS Rotation to Delight Users

Professional ASP.NET Blog - Wed, 2013-02-13 17:37
By now you should know that I am constantly on the lookout for cool and bad features implemented by web sites all the time. Last week I was reading some posts on Christian Hielman's blog . As I passed my mouse over the navigation on the right I noticed...(read more)
Categories: Blogs