Dan Kroymann
Dan Kroymann
When Azure auto-renews a certificate (or if you manually create a new version of the cert), won't it immediately become the "current" version of the certificate, which according to this...
That's reasonably close to what I have implemented in my codebase. There are two improvements that could be made: 1. You're doing identical work to retrieve the complete list of...
If the downstream services that are receiving and validating your signed tokens are AspNetCore applications using the built-in authentication library, then I believe the default rate at which they will...
> @kroymann I see you've used a transient lifetime for the ISigningCredentialStore and IValidationKeysStore whereas @Eneuman has used a singleton. In my mind singleton would be more appropriate for this?...
I wrote an extension to EF6 to handle this exact problem for our product and apparently it is extremely similar to what Nick is proposing above. By replacing this where...
There's a large initial allocation when creating the `ImageFrame`. It allocates somewhere in the ballpark of 1.6GB. The exception that I quoted above came from our logs when a server...
> You can configure your own limits. > https://docs.sixlabors.com/articles/imagesharp/security.html Ah good point. So rather than try to limit the image dimensions, I could instead pick a reasonable memory allocation limit,...
With that said, even if I set that limit considerably lower (say low enough to just barely support a 4K UHD image - 3840x2160), this specific attack would still be...
> Why not read the ImageInfo first? You can do that without allocating and reject anything too large. We're using the `ImageSharp.Web` library to handle loading and manipulating images. The...
Actually, looking at that code a bit more, I think I could squeeze an ImageInfo check into the `IImageResolver.OpenReadAsync()` method as I will have access to the stream at that...