An Ordinary Man

Release Build And Debug="false" Based on the content of different threads and links, we can say that there are for four possible combinations: 1.  Compilation=Release  Debug="true" a. Code is optimized and debug symbols are removed b. Detailed exception information is shown to users, but debugging cannot take place beacuse no debug symbols are loaded. 2.  Compilation=Release  Debug="false" (the ideal production configuration) a. Code is optimized and debug symbols are removed b. Detailed exceptions information is not shown to users and thus is more secure. 3.  Compilation=Debug  Debug="true" (the ideal development configuration) a. Code is not optimized and debug symbols are populated b.  Detailed exception information is shown to users and debugging is possible 4.  Compilation=Debug  Debug="false" a. Code is not optimized and debug symbols are populated b. Detailed exception information is not shown to u

Clickjacking  Clickjacking is a type of “web framing” or “UI redressing” attack. What that simply means in practice is that: 1. A user (victim) is shown an innocuous, but enticing web page (think watch online video) 2. Another web page (that generally does something important – think add friends on social network) is layered on top of the first page and set to be transparent 3. When the user thinks they are clicking on the web page they see (video), they are actually clicking on the higher layered (framed) page that is transparent There are two main ways to prevent clickjacking: 1.     Sending the proper X-Frame-Options HTTP response headers that instruct the browser to not allow framing from other domains 2.     Employing defensive code in the UI to ensure that the current frame is the most top level window Using X-Frame-Options X-Frame-Options  originally invented by Microsoft for IE8, but supported by a number of browsers, this idea might have more