SShortSingh.
Back to feed

Researcher Details Method for Decrypting ASP.NET ViewState Messages

0
·1 views

A technical blog post published on zeroed.tech explores the process of decrypting ASP.NET ViewState messages. ViewState is a mechanism used by ASP.NET web applications to preserve page and control state between server requests. The article outlines the technical steps involved in analyzing and decrypting these encoded data structures. The post has gained attention on Hacker News, where it was shared for discussion among the developer and security community.

Read the full story at Hacker News

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

C# 15 with(capacity) Syntax Outperforms Older List Pre-allocation Methods

A developer experimenting with C# 15 compared three ways to create a 100,000-item list: no pre-allocation, classic capacity constructor, and the new with(capacity) syntax. Without pre-allocation, lists repeatedly resize in memory as items are added, which can slow performance at scale. Benchmarks run on a personal laptop showed the C# 15 with(capacity) approach was consistently the fastest of the three methods. The new syntax combines capacity pre-allocation with collection expressions, making the code both more readable and more efficient. The informal experiment highlights how modern language features can offer performance gains even for fundamental operations like list creation.

0
ProgrammingDEV Community ·

Developer builds hallucination-resistant AI tool for Swiss business compliance

A developer has built Canton Compliance Hub, a free multilingual platform designed to help foreign founders navigate Switzerland's complex business compliance landscape, where rules span federal, cantonal, and linguistic boundaries. The core engineering challenge was preventing the AI from fabricating facts, particularly numeric figures like tax rates and CHF thresholds, which could cause real financial harm to users. The system uses a two-layer retrieval approach on Postgres with pgvector, combining BM25 exact-term matching and vector search, with every factual claim required to carry a verifiable citation back to an official government source. A separate verification pass checks all numeric claims against retrieved evidence, blocking any unsupported figures from being published. Two open datasets — a canton-by-canton minimum wage comparison and an SME compliance-deadline calendar — were released as byproducts of the project under a CC BY 4.0 license.

0
ProgrammingDEV Community ·

Coinbase Advanced Trade API vs Kraken API: Which Is Better for Python Bots?

A developer benchmarked the Coinbase Advanced Trade API and Kraken API to evaluate their suitability for Python-based trading bots, focusing on latency and developer experience. Coinbase offers an official Python SDK with automatic JWT-based request signing, making setup faster, while Kraken requires manual HMAC-SHA512 signing and a separately fetched token for private WebSocket channels. Both exchanges posted similar median response times in tests conducted from a US East server, but Coinbase showed tighter tail latency at the p95 and p99 levels, which can matter more during volatile market conditions. Kraken provides broader API surface area, including REST, WebSocket, and a FIX gateway, though its Cloudflare-enforced reconnection limits can result in temporary IP bans if a bot reconnects too aggressively. The author concludes that Coinbase suits developers prioritizing speed to deploy, while Kraken suits those needing deeper functionality and willing to handle more configuration.

0
ProgrammingDEV Community ·

Developer Eliminates Duplicate Logic Across Billing, Auth, and Oracle in One-Day Refactor

A developer documented a day of backend fixes centered on removing redundant sources of truth across four repositories. A SaaS billing system was migrated from per-feature à-la-carte subscriptions to a plans-only model using a four-phase, zero-downtime expand-and-contract strategy. An authorization bug was resolved by routing web, API, and MCP server access through a single shared permission layer, after each surface had previously enforced rules independently. A legacy Oracle issue was also patched, where a password reset was writing to the wrong column and incorrectly updating a date-modified field. The overarching lesson drawn was that duplicated business rules — in billing, access control, or configuration — drift silently and cause harder-to-detect failures than duplicated code.

Researcher Details Method for Decrypting ASP.NET ViewState Messages · ShortSingh