Ninja Snacks Tales From the Enterprise

Trusting Inputs, Via RESTa Via Nanciacum


All too often, security is treated as an afterthought in our models. I'm as guilty of this as anyone. :) Now that HTTP is becoming the most popular protocol inside the enterprise, sending bad data across the wire becomes much easier. A hidden input field is not all that hidden.

Let's take everyone's second favorite fake business problem: Enrolling Students in Classes. Let's take it further and say we want to develop this as a SaaS product. It'll need to be a multi-tenant application. There are lots of independent community colleges (Institutions) out there, and we don't want to run a VM or process per Institution.

Automatic Exception Reporting with YouTrack and Nancy pt. 2: Bouncing Off the Green Monster


In Part 1 of this series we looked at putting NancyFX as a simple HTTP wrapper in front of YouTrack. Now we're going to make it more RESTful, i.e. we will display the error page to the user agent and include the exception report form on that page.

We will do this by leveraging Nancy's status code handling features. This will allow us to intercept any status code we want and modify the response. Let's start with the view to collect the bug report:

Automatic Exception Reporting with YouTrack and Nancy pt. 1: The Skeleton


Getting the business users to try and recreate a bug is difficult, to say the least. They may not remember what they did to reproduce it. But you can bet that if you don't fix it by yesterday you're gonna get an earful. In fact, we just did. This is me doing something about it :)

Turns out this is annoyingly easy with Nancy and the YouTrackSharp library, so easy that I'm not going to bother test-driving this. Frankly, writing this post took longer than the actual code. First, the Bootstrapper:

Empty Project - Nancy vs MVC4


I just installed the Nancy.Templates for Visual Studio. Before this, creating a project for Nancy has always been a bit of a pain: adding an MVC project and then removing a whole bunch of crap you don't need. Way too much fiddlery required.

What really got me was the minimalistic set of dependencies: