Posts

Showing posts from January, 2024

Git

add new branch
==============
git switch -c new-branch-name
git push -u origin new-branch-name
git pull --rebase

Layered Architectures

In C#, a common example of a layered architecture is the Model-View-Controller (MVC) pattern. This pattern separates an application into three interconnected components:

- Model: represents the application's data and business logic.
- View: represents the user interface and displays information to the user.
- Controller: handles user input, updates the model, and triggers the view to update.

This separation helps to organize code, improve maintainability, and facilitate testing. C# web frameworks like ASP.NET MVC implement this pattern, providing a structured way to build applications. Other examples:

1. **Layered Architecture (N-Tier Architecture):** Separates an application into multiple layers, such as a presentation layer, a business logic layer, and a data access layer. This promotes modularity and maintainability.
2. **Hexagonal Architecture (Ports and Adapters):** Focuses on creating an application core independent of its external interfaces. It consists of the inner core (busine...
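The following is an added example, not code from the original post: one thin slice of a layered / ports-and-adapters application in C#. The business rule lives in the service layer, which depends only on the `IOrderRepository` port; the in-memory adapter and the names `Order`, `ShippingService` and `InMemoryOrderRepository` are hypothetical. Putting the ownership check in the service rather than in a controller is also what keeps it from being forgotten on a second entry point.

```csharp
// Added example (hypothetical types): a layered slice with a port, an adapter,
// and a business rule that is enforced regardless of which presentation layer calls it.
using System;
using System.Collections.Generic;

// Domain model (inner core)
public sealed record Order(Guid Id, string CustomerId, decimal Total, bool Shipped);

// Port: what the core needs from the outside world, expressed in domain terms
public interface IOrderRepository
{
    Order? Find(Guid id);
    void Save(Order order);
}

// Business logic layer: rules live here, not in controllers or repositories
public sealed class ShippingService
{
    private readonly IOrderRepository _orders;
    public ShippingService(IOrderRepository orders) => _orders = orders;

    public Order Ship(Guid orderId, string requestingCustomerId)
    {
        var order = _orders.Find(orderId)
            ?? throw new KeyNotFoundException($"order {orderId} not found");
        // Authorization is a business rule: only the owner may ship their order.
        if (order.CustomerId != requestingCustomerId)
            throw new UnauthorizedAccessException("order belongs to another customer");
        if (order.Shipped)
            throw new InvalidOperationException("order already shipped");
        var shipped = order with { Shipped = true };
        _orders.Save(shipped);
        return shipped;
    }
}

// Adapter: one concrete implementation of the port (in-memory, for tests or a demo).
// An Entity Framework or HTTP-backed adapter would implement the same interface.
public sealed class InMemoryOrderRepository : IOrderRepository
{
    private readonly Dictionary<Guid, Order> _store = new();
    public Order? Find(Guid id) => _store.TryGetValue(id, out var o) ? o : null;
    public void Save(Order order) => _store[order.Id] = order;
}

// Presentation layer stand-in (an MVC controller would do the same with HTTP in and out)
public static class Program
{
    public static void Main()
    {
        var repo = new InMemoryOrderRepository();
        var id = Guid.NewGuid();
        repo.Save(new Order(id, "alice", 42.00m, Shipped: false));

        var service = new ShippingService(repo);
        Console.WriteLine(service.Ship(id, "alice").Shipped);   // True

        // A different customer is rejected by the service, not by the UI layer.
        try { service.Ship(id, "mallory"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

Because `ShippingService` only knows the port, the same class is exercised from a unit test with the in-memory adapter and from production with a database adapter, and the ownership check cannot be bypassed by adding a second controller that forgets it.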

Path traversal


Insecure Direct Object Reference - IDOR


Microservices: Event sourcing

Event sourcing is an architectural pattern that is often used in conjunction with microservices to manage state changes and maintain a reliable audit trail of those changes. In an event sourcing system, instead of storing the current state of an entity, you store a sequence of events that describe the changes to that entity over time. Here's how event sourcing works in the context of microservices:

1. **Event Generation:**
   - Each microservice maintains its own event log that records all state changes to its entities.
   - When a microservice needs to update the state of an entity, it generates an event that describes the change. This event is then appended to the event log.
2. **Immutable Event Store:**
   - The event store is immutable, meaning once an event is written, it cannot be modified or deleted. This ensures a reliable and auditable history of state changes.
3. **State Reconstruction:**
   - To determine the current state of an entity,...
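As an added example that is not part of the original post, the three steps above in C#: events are immutable records, the store exposes only `Append` and `Stream`, and the current state of an account is reconstructed by replaying its stream. The `EventStore`, `Account` and the event record names are hypothetical.

```csharp
// Added example (hypothetical types): append-only event log plus state reconstruction by replay.
using System;
using System.Collections.Generic;
using System.Linq;

// Events are immutable facts about what happened to an account.
public abstract record AccountEvent(Guid AccountId, DateTimeOffset At);
public sealed record AccountOpened(Guid AccountId, DateTimeOffset At, string Owner) : AccountEvent(AccountId, At);
public sealed record MoneyDeposited(Guid AccountId, DateTimeOffset At, decimal Amount) : AccountEvent(AccountId, At);
public sealed record MoneyWithdrawn(Guid AccountId, DateTimeOffset At, decimal Amount) : AccountEvent(AccountId, At);

// Append-only store: there is no Update or Delete, so history cannot be rewritten.
public sealed class EventStore
{
    private readonly List<AccountEvent> _log = new();
    public void Append(AccountEvent e) => _log.Add(e);
    public IReadOnlyList<AccountEvent> Stream(Guid accountId) =>
        _log.Where(e => e.AccountId == accountId).ToList().AsReadOnly();
}

// Current state is never stored; it is rebuilt by folding the event stream.
public sealed class Account
{
    public Guid Id { get; private set; }
    public string Owner { get; private set; } = "";
    public decimal Balance { get; private set; }

    public static Account Replay(IEnumerable<AccountEvent> events)
    {
        var a = new Account();
        foreach (var e in events) a.Apply(e);
        return a;
    }

    private void Apply(AccountEvent e)
    {
        switch (e)
        {
            case AccountOpened o: Id = o.AccountId; Owner = o.Owner; break;
            case MoneyDeposited d: Balance += d.Amount; break;
            case MoneyWithdrawn w: Balance -= w.Amount; break;
            default: throw new InvalidOperationException($"unknown event {e.GetType().Name}");
        }
    }

    // Commands validate against the reconstructed state and emit a new event; they never mutate state directly.
    public MoneyWithdrawn Withdraw(decimal amount, DateTimeOffset at)
    {
        if (amount <= 0) throw new ArgumentOutOfRangeException(nameof(amount));
        if (amount > Balance) throw new InvalidOperationException("insufficient funds");
        return new MoneyWithdrawn(Id, at, amount);
    }
}

public static class Program
{
    public static void Main()
    {
        var store = new EventStore();
        var id = Guid.NewGuid();
        var t0 = DateTimeOffset.UtcNow;

        store.Append(new AccountOpened(id, t0, "alice"));
        store.Append(new MoneyDeposited(id, t0.AddMinutes(1), 100m));

        // Rebuild state, decide, then append the resulting event.
        var account = Account.Replay(store.Stream(id));
        store.Append(account.Withdraw(30m, t0.AddMinutes(2)));

        // Anyone auditing later replays the same log and gets the same answer.
        Console.WriteLine(Account.Replay(store.Stream(id)).Balance); // 70

        // The audit trail is the log itself, in order.
        foreach (var e in store.Stream(id)) Console.WriteLine(e);
    }
}
```

Note that the withdrawal check runs against state rebuilt from the log at that moment; in a real service the append would also carry the expected stream version so that two concurrent commands cannot both succeed on the same balance.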

XML External Entities

An XML External Entity (XXE) attack is a type of attack against an application that parses XML input. It occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser runs, and other system impacts.

Example: Setting the DtdProcessing property of an XmlTextReader to DtdProcessing.Parse (which is its default value) lets the reader process XML external entities, so an attacker can pull the contents of files on the server into their XML data. Also, when the reader has an XmlResolver, well-formed XML can cause XmlTextReader to fetch information from the Internet that was not originally intended. It is recommended to avoid DTD processing; in XmlTextReader this is achieved by setting the DtdProcessing property to Ignore. (DtdProcessing.Prohibit, the default for XmlReaderSettings, goes one step further and throws an XmlException on any DOCTYPE, which also makes attack attempts visible in logs.)

Example 2: XML deserialization is performed with both document type definitions allowed and URL resolving enabled. An ad...
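The following added example (not code from the original post) shows the weak XmlTextReader configuration described above next to a hardened XmlReader, fed the same constructed payload. The demo writes its own temporary "secret" file so it runs offline on any platform; the `XxeDemo` class and method names are hypothetical.

```csharp
// Added example (hypothetical names): XXE against XmlTextReader with DtdProcessing.Parse,
// and the same document rejected by a reader with DTDs disabled and no resolver.
using System;
using System.IO;
using System.Xml;

public static class XxeDemo
{
    // Constructed attacker payload: an external entity pointing at a local file,
    // expanded inside an ordinary-looking element.
    public static string BuildPayload(string fileUri) =>
        "<?xml version=\"1.0\"?>\n" +
        $"<!DOCTYPE order [ <!ENTITY secret SYSTEM \"{fileUri}\"> ]>\n" +
        "<order><note>&secret;</note></order>";

    // VULNERABLE: DtdProcessing.Parse (XmlTextReader's default) plus a resolver means
    // &secret; is replaced with the contents of whatever the SYSTEM identifier points at.
    public static string ReadVulnerable(string xml)
    {
        using var reader = new XmlTextReader(new StringReader(xml));
        reader.DtdProcessing = DtdProcessing.Parse;   // shown explicitly; this is the default
        reader.XmlResolver = new XmlUrlResolver();    // follows file:// and http(s):// references
        return ReadNote(reader);
    }

    // HARDENED: no DTD processing and no resolver, so nothing is read from disk or network.
    public static string ReadHardened(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // or DtdProcessing.Ignore, as the post recommends
            XmlResolver = null,                     // never follow SYSTEM/PUBLIC identifiers
        };
        using var reader = XmlReader.Create(new StringReader(xml), settings);
        return ReadNote(reader);
    }

    private static string ReadNote(XmlReader reader)
    {
        while (reader.Read())
            if (reader.NodeType == XmlNodeType.Element && reader.Name == "note")
                return reader.ReadElementContentAsString();
        return "";
    }

    public static void Main()
    {
        // Stand-in for a sensitive file on the server (constructed for the demo).
        var path = Path.GetTempFileName();
        File.WriteAllText(path, "SECRET-DATA");
        try
        {
            var payload = BuildPayload(new Uri(path).AbsoluteUri);

            Console.WriteLine("vulnerable: " + ReadVulnerable(payload)); // prints the file contents

            try { Console.WriteLine("hardened: " + ReadHardened(payload)); }
            catch (XmlException e) { Console.WriteLine("hardened rejected input: " + e.Message); }
        }
        finally
        {
            File.Delete(path);
        }
    }
}
```

With Prohibit the hardened reader fails on the `<!DOCTYPE>` line itself. With Ignore, as recommended in the post, the DTD is skipped and the document then fails on `&secret;` as a reference to an undeclared entity; either way the file is never opened. Setting `XmlResolver = null` is the second half of the fix, since it is the resolver, not the DTD setting alone, that turns a URL in the document into a network or file request.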

Business Logic - Insufficient Validation

Issue: The shipment is processed even when data validation has not passed, so invalid data, including unverified files, is stored in the file system or a database. If model state errors are detected, the process has to be interrupted: the model binding errors and the uploaded-file validation errors are determined and checked before any instruction that persists or acts on the data is executed. If any error exists, the process is interrupted and the invalid data is not processed.

File Upload Vulnerability - Unrestricted File Upload

Issue 1: The file upload is done incorrectly. An adversary can supply the virtual file path, so the upload can be written to another folder and replace an existing file. Uploaded files have to be saved under a server-chosen virtual file name to avoid collisions, and users must not be able to choose where the file is saved. To achieve this, the file path contains no user-sent parameter and the virtual name is generated randomly, so existing files cannot be replaced.

Issue 2: Allowing profile picture uploads without proper checks lets an adversary upload files containing malicious content that could harm the application or the host system. The application protects itself against unrestricted file upload in several ways: there is an allow list of extensions, the file size is limited, and the application sets the filename. Also, the file upload functionality has been moved from the controller into the UploadService, which yields a cleaner, more structured application.
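The following added example (not the post's own code; the post mentions an UploadService but shows none) serves both this section and the "Insufficient Validation" post above: all model and file checks run first and nothing is written unless every check passes; the stored name is random and server-generated, the directory is server-chosen, and the resolved path is asserted to stay under that directory. `UploadService`, `ShipmentHandler` and the limits are hypothetical; the sample bytes and requests are constructed. Checking file contents (magic bytes) on top of the extension is an additional step the post does not mention.

```csharp
// Added example (hypothetical types): validate-then-act upload handling with a server-chosen path.
using System;
using System.Collections.Generic;
using System.IO;

public sealed class UploadService
{
    private static readonly HashSet<string> AllowedExtensions =
        new(StringComparer.OrdinalIgnoreCase) { ".png", ".jpg", ".jpeg" };
    private const long MaxBytes = 2 * 1024 * 1024; // 2 MiB, hypothetical limit

    private readonly string _root; // chosen by the server, never by the client

    public UploadService(string root) =>
        _root = Path.TrimEndingDirectorySeparator(Path.GetFullPath(root));

    // Pure checks, no side effects: the caller decides before anything is written.
    public List<string> Validate(string clientFileName, long declaredLength)
    {
        var errors = new List<string>();
        // The client name is used for ONE thing: choosing the extension. Directory parts are discarded.
        var ext = Path.GetExtension(Path.GetFileName(clientFileName));
        if (!AllowedExtensions.Contains(ext)) errors.Add($"extension '{ext}' is not allowed");
        if (declaredLength <= 0 || declaredLength > MaxBytes) errors.Add($"size {declaredLength} outside 1..{MaxBytes} bytes");
        return errors;
    }

    // Writes only after re-validating; returns the server-chosen absolute path.
    public string Save(string clientFileName, Stream content)
    {
        var errors = Validate(clientFileName, content.Length);
        if (errors.Count > 0) throw new ArgumentException(string.Join("; ", errors));

        // Random server-generated name: no collisions, no overwrite, no user influence on the path.
        var ext = Path.GetExtension(Path.GetFileName(clientFileName)).ToLowerInvariant();
        var target = Path.GetFullPath(Path.Combine(_root, Guid.NewGuid().ToString("N") + ext));

        // Defense in depth: even with a generated name, assert the result stays under the root.
        if (!target.StartsWith(_root + Path.DirectorySeparatorChar, StringComparison.Ordinal))
            throw new InvalidOperationException("resolved path escapes the upload root");

        // CreateNew refuses to replace an existing file instead of silently overwriting it.
        using var fs = new FileStream(target, FileMode.CreateNew, FileAccess.Write);
        content.CopyTo(fs);
        return target;
    }
}

// Stand-in for the controller action: bind, validate everything, then act.
public static class ShipmentHandler
{
    public static (bool Ok, List<string> Errors) Process(string address, string fileName, byte[] fileBytes, UploadService uploads)
    {
        var errors = new List<string>();
        if (string.IsNullOrWhiteSpace(address)) errors.Add("address is required"); // model-binding style check
        errors.AddRange(uploads.Validate(fileName, fileBytes.LongLength));          // file checks
        if (errors.Count > 0) return (false, errors); // stop here: nothing written, nothing shipped

        var saved = uploads.Save(fileName, new MemoryStream(fileBytes));
        Console.WriteLine($"shipment to '{address}' recorded with document {Path.GetFileName(saved)}");
        return (true, errors);
    }
}

public static class Program
{
    public static void Main()
    {
        var root = Path.Combine(Path.GetTempPath(), "uploads-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(root);
        var uploads = new UploadService(root);
        var png = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0, 0, 0, 0 }; // constructed sample content

        // Constructed requests: traversal in the name, a disallowed extension, and a missing field.
        foreach (var (address, name) in new[] { ("1 Main St", "../../web.config.png"), ("1 Main St", "shell.aspx"), ("", "photo.jpg") })
        {
            var (ok, errors) = ShipmentHandler.Process(address, name, png, uploads);
            Console.WriteLine($"{name,-22} ok={ok} errors=[{string.Join("; ", errors)}]");
        }
        Console.WriteLine($"files on disk: {Directory.GetFiles(root).Length}"); // 1: only the first request passed
    }
}
```

The first request shows why the naming rule matters: `../../web.config.png` is accepted (its extension is on the allow list) but lands under the upload root with a GUID name, so the traversal in the client-supplied name has nothing to act on. The third request shows the validation ordering: the picture is valid, but because the address check failed nothing is written.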