Maarten Balliauw {blog}

ScottGu just posted that there's an upcoming preview 4 release of the ASP.NET MVC framework. What I immediately noticed, is that there are actually some community concepts being integrated in the framework, yay! And what's even cooler: 2 of these new features are things that I've already contributed to the community (the fact that it these are included in the MVC framework now could be coincidence, though...).

• One of the things I noticed is that there's a new ActionFilterAttribute that can handle errors. Back in April, Troy posted something similar on his blog.
• Another thing is the new OutputCache ActionFilterAttribute, on which I recently posted an implementation that works, feature-wise, exactly the same as the one Scott talks about. Nice!
• Last but not least, there's a new membership feature, similar to the MvcMembership starter kit Troy and I implemented. Adding an attribute which requires authentication? Check! Adding an attribute which allows authorization? Check! Base controller classes for registration, login, password retrieval, ... Check!

Thank you, ASP.NET MVC team! This preview 4 release seems like a great step in the evolution of the ASP.NET MVC framework. Thumbs up!

This morning, I read about a serious security issue in BlogEngine.NET. The security issue is in the JavaScript HTTP handler, which lets all files pass trough... In short: if you open http://your.blog.com/js.axd?path=app_data\users,xml, anyone can see your usernames/passwords! None of the other HttpHandlers are affected by this security hole.

My recommendation: if you are using BlogEngine.NET: go patch!

(and yes, I patched it   http://blog.maartenballiauw.be/js.axd?path=app_data\users.xml)