Tag | Security Posts

Microsoft Visual Studio Team System 2008 provides an excellent data synchronization tool that synchronizes data and schema between two databases. It saves developers a lot of time when syncing database objects. Of the two possible synchronization techniques, VSTS 2008 uses the unidirectional synchronization technique. With this in mind, a safety measure will be helpful for developers before starting synchronization. The security measure considered is whether it would create any loss of data or not. Here ...
In this issue: Rob Houweling, Mike Taulty, Andrej Tozon, Kevin Dockx, and Jobi Joy. Shoutouts (and wow... there are more than SL postings!): First off, Tim Greenfield has a very nice Azure post up about issues in building and running in general. Not sure how many of you SL Devs are also doing Azure, but I'm keeping my eye on it. Tim's post is a good one to read if you're heading that way: Windows Azure Hosting impressions and debugging hurdles Andy Beaulieu has a video hosted on his site of someone ...
A build set is a set of builds running on the same solution or set of solutions, catering for different aspects of the Continuous Integration process. Why a set of builds ? Because one size doesn't fit all. Something you want to run quickly and others you want to cover a lot of stuff. This can be divided into a set of aspects. The aspects can be divided into three major parts: Developer aspect. A continuous build running normally at each check in to ensure that the code the developer checks in is ...
The following is a simple checklist you can use when building web applications. Much of this still applies to other technologies and can easily be extended. I try not to get too specific on technology or methodology, but it is definitely leaning toward ASP.NET. If you can think of something I am missing or disagree, please leave a comment. Detailed information follows the checklist. How much of the checklist you follow will depend on the project. If it's just a hobby site, you may skip items like ...
Windows Vista Home edition has some funny quirks - and this one is a prime example... When trying to update my hosts file I get permission denied. That's odd - so I check the permissions and sure enough Administrator group has write access - yet I am the only administrator on the system. How's that for tricky - so I'm an admin with no admin rights - go figure. Then I tried deleting the file then re-adding it.... wow - delete worked but could not re-add. It appears the only way around this little gem ...
I don't have any post relating to how I get to know computers in general and why I choose a career in software development, in fact I needed to do that, since I need to continue a meme that a friend of mine forwarded to me. I'll try to do that sometime later, but suffice to say that it's quite lengthy. Because of my (yet to posted) background, I usually install stuff myself and fiddle quite a bit with computers by myself. I had installed quite a bit of Windows-based Microsoft OS, from Windows 95 ...
When I needed to read an Excel spreadsheet from a SharePoint site, it seemed like a simple enough request. Previously, whenever I needed to open an Excel file, I used an OleDb connection with the following connection string: string connectionString = @"Provider=Microsoft.ACE.OL... Data Source={0};Persist Security Info=False; Extended Properties=""Excel 12.0;HDR=YES"""; connectionString = string.Format(connectionStr... filePath); Of course, you can't open the file from the SharePoint site this ...
I swear that Microsoft are trying to force developers to move their sites from Classic ASP to ASP.NET. Not that I have anything against ASP.NET - I like it and I like Classic ASP less. But in reality, many sites work perfectly well in Classic ASP and don't need converting - even if a budget was available (which there usually isn't!) OK. Many of us are aware of the dropping of friendly colours from VS2008 for .ASP. This was reintroduced in SP1 after the development community kicked up a huge fuss. ...
I, like many others, downloaded Windows 7 Beta build 7000 on the day it hit MSDN after reading about its availability from Bink.nu. It came as an ISO so was easy to build into a virtual machine however on my home laptop I've partitioned my HDD and had XP in one partition and Vista in the other. Vista rarely gets to see the light of day simply because it is always doing something with the hard-disk! Checking! Scanning! Indexing! All driving me nuts as it slows down the performance of my machine. So ...
If you read enough about security in general you will hear the often touted principle of do not rely on security by obscurity. It even has its own Wikipedia page. You see this advice thrown out a lot when somebody does something like embedding encryption keys in their code. The developer's assumption is that the code will never be read by anyone and thus the key is safe. I have personally seen that one cracked in about one minute. So the advice is good, you should not RELY on security by obscurity. ...
This is my Super Secret Stuff folder. It’s a zip file, and I need to pass on my super secret stuff to some super secret person who will be the only person knowing the super secret password to open it. So I open the zip file in explorer and…um…where’s my “Add Password” option in the file menu?! It’s GONE! It’s also not under any of the other menu items. I’m going to chalk this up to it being a beta, but still…shouldn’t this have been part of Explorer since it’s been a mainstay in Windows XP and Vista? ...
Remember how annoying it was to get two computers on a network to share files between each other? I don’t mean on a domain or anything, but on a typical home network where you don’t have a domain controller or anything at that level, and at most you had a workgroup value assigned to each machine. With Windows 7, getting your computers to talk to each other is SO SIMPLE. In fact, the least amount of work you have to do to get it working is entering a password. Here’s how it works. Homegroup When you ...
Join us for TechFuse 2009 on March 17! It’s back and even bigger than last year! With 36 sessions and two keynote presentations to choose from, TechFuse 2009 is the most cost-effective way for IT and Developer pros to get up-to-date, 200-300 level education on the topics that matter to your role. TechFuse will provide you resources on the latest developments in IT and Developer trends, technologies, application implementation issues, products and services from tons of local professionals. Website: ...
The full error message looks like this: [SNAC] “[SQL Native Client]SQL Network Interfaces: The Local Security Authority cannot be contacted.[SQL Native Client]Cannot generate SSPI context” [MDAC] “Cannot generate SSPI context”; [.Net1.0/2.0]” Failed System.Data.SqlClient.SqlEx... Cannot generate SSPI context” When this message occurs--especially when the same access 20 minutes ago worked, chances are you've logged off of your primary network. An example would be that at work you were using an ...
Presentation models, or screen-bound DTOs, are lightweight classes tailored to the needs of the screens on which they are used. The obvious benefit is that they remove some of the work required to translate between domain model objects and user interface elements. Work that is usually performed by the view and controller in an MVC context. A secondary benefit of presentation models is that they explicitly define what can be bound to domain model objects. Automatic binding such as Asp.net MVC's ...
Service Update Heightened security measures for Inauguration Day on Jan. 20, 2009, will include extensive road closures and restricted access to many locations in Washington, D.C., and surrounding areas, including some bridges and tunnels leading into and out of the Capitol. FedEx is planning to operate on this day, however due to enhanced local security measures and mandates set forth by the U.S. Department of Homeland Security, customers should expect unavoidable service delays within the area. ...
I was impressed with my first taste of ADFS on my last project. Specifically solving for Web SSO. Geneva, (aka Zermatt) is now the single federated identity platform. And it sits in the Cloud. At the PDC 1 Day (MSDN Dev Con) the presentation on Azure noted this. This is wonderful. It may be new to us at this point, but it will be the same framework in the enterprise as in the cloud. A Security Token Service (STS) will exist in the cloud, a portal to manage the access control rules will exist in the ...
I’ve always been a big fan of Windows Live OneCare for all my personal machines. That’s why I was surprised to hear that Microsoft Windows Live OneCare is going away in 2009. Fortunately the key piece I used it for is being replaced by Morro, basic protection from malware—including viruses, spyware, rootkits, and Trojans. Here’s some more detail on the announcement from Michael Cherry at Directions on Microsoft: “In order to increase the number of Windows computers with basic protection from ...
Today someone asked me about a challenge they are facing in Silverlight 2. Here’s their question and the answer. QUESTION: “We have an issue with Silverlight 2 and SOAP exceptions. Silverlight doesn’t like to let you look at the content of the SOAP exception in the messages. How do I get the content of the SOAP exceptions?” ANSWER: You can find a detailed answer here: Eugene Osovetsky's Blog: Faults and Exceptions when using Web Services in Silverlight 2 (Here’s the url: http://eugeneos.blogspot.co... ...
Finally I’ve reached the point where I’m ready to hook up BizTalk to my STS implementation to participate in a federated identity scenario. My goal is to confirm two scenarios - 1. Being able to call from a BizTalk process a service that uses the ws2007FederationHttpBinding (and requires that the caller provide a token issued by a specific STS) 2. Being able to expose a service in BizTalk that would use the ws2007FederationHttpBinding requiring the caller to provide such token. If you followed my ...
A fellow peer was looking at an error when trying to configure another developer's database. All of us are working on the same application, but our install doesn't seem to be working correctly, which causes the DB to not be properly installed, thus this guy is trying to configure it manually. We are using SQL 2005 (either Express or the regular versions) for our DB servers. He's using SQL Management Studio, logged in using Windows Authentication and was trying to bulk insert some records (BULK INSERT ...
Things have been busy and it's been a while since my last post, so I decided to write up a post today related to something I have been working on recently wherein I needed a way to associate an attribute with a class and some of its properties, but the values I wanted to pass in to the attribute constructor needed to be dynamic. We all know that attributes are; classes that can be tagged onto code artifacts such as Methods,Properties,Events,D... etc. When you tag a code element with ...
A lot of people have asked me to explain the differences in the PowerShell Server v2 product with the obvious alternative: PowerShell v2 Remoting via WinRM. PowerShell Server The nutshell is that with the PowerShell Server, you are not limited to Windows machines and you don’t need WinRM or any other software other than the PowerShell Server itself and any old SSH client. This means that the “client” machine, where the commands are being sent from, can be anything – a Linux machine, a handheld device ...
Recently we spoke about reading radio data in C#, however as in any vehicle we have also CD players. So what can be better, than to have an ability to play CDs while being notified about track name, gathered from CD-Text? So, let’s start. First of all, I want to express my pain with MSDN documentation about CD-ROM structure. Documentation team, please, please, please update it. First of all it is not accurate, then there are a ton of things missing. However, “À la guerre comme à la guerre”, thus I ...
SharePoint uses service accounts to run specific services behind the scenes. SharePoint does not function under the practice of “running everything as administrator”. There are several documents regarding all of the different service accounts that are recommended for SharePoint, but for some organizations the sheer number of accounts is simply not manageable. So I’ve put together a list of what I would consider the minimum accounts (and rights) for a typical SharePoint installation. The account you ...
Christmas day was when I had a chance to review the final release of DotNetNuke 5 which was announced Christmas Eve. I quickly reviewed what I wrote about in my chapters for the new DotNetNuke 5 book and realized I had to add more and delete some information as well. I quickly shot off an email to the Wrox editor and began to update my chapters. The first was What's New. Under Admin/What's New, you'll find a new setting which gives you a summary of the major features for this DotNetNuke release. You ...
In this issue: Pete Brown, Damon Payne, Agata Staniak, Justin Angel, and David Anson. Shoutout: John Papa responded to some of the Silverlight security posts lately: Security and Silverlight. From SilverlightCream.com: Dealing with the “Project file must include the .NET Framework assembly …” Error I missed this one from just before Christmas by Pete Brown detailing how to resolve the error in the title... pretty simple, actually! Run time is design time for AGT [11] Episode 11 of Damon Payne's coding ...
In Part 1 of this series, we looked at a simple template you can use to help document the security roles that need to get created for your new SharePoint application. In this part, we will look at a common process that is used to augment your Software Development Life Cycle (SDLC) and targets applications that you think might be suitable for running on the SharePoint platform. As you read through this blog post it is important to note that this process (or something similar) can be used to ...
In this issue: Steve Commisso, Damon Payne, and Tim Greenfield(2). Shoutout: Koen Zwikstra has uploaded a new (signed) version of SilverlightSpy. You'll have to uninstall the previous version to install this one, but don't think about it... just go get it... you'll like it! Silverlight Spy 2.0.0.39 available. From SilverlightCream.com: Consuming RESTful Web Services in Silverlight Steve Commisso gives credit to Rob Bagby for the foundation for this post, and extends it... good stuff, Steve, thanks! ...
I finally decided to nose dive into the blogging arena. I couldn't find a better time to start writing my first post, the Christmas Holidays. During the festive holidays, or should I say, time-off, I had a relative of mine call me up, yet again, to configure his router for Dynamic DNS. After I couldn't find anything on the information highway, I decided to make this my first article. Before we get started I'll briefly describe what Dynamic DNS is all about, so here goes. What Is Dynamic DNS? Wikipedia ...
I was working on configuring an ArcGIS 9.3 Server with MOSS & WSS. Works great until I enabled Security on the ArcGIS Server for the Map Service. Once enabled, you cannot disable the security using the Server Manager. But I wanted to. I was not prepared to rollback my Virtual machine. EDN search & Google search brought me information that was not all that useful. If you have enabled the Security setting on ArcGIS 9.3 server and want to disable the security: Just do the following on your ...
A while back I discussed the approach we use on some projects to configuration management and how we solve the problem of configuring binding and configuration (and any other) files for different environments. I had originally written the linked article on my blog. While it was fairly successful the main project I've been working on has a number of BizTalk projects within it and I felt that the configuration dictionary approach we were using was becoming a bit of a pain as the XML dictionaries were ...
When you create a database I'm sure you can grant users/roles access to stored procedures, tables, etc. But if you inherit the sql database then you will need to find a solution. Thanks to Jeremy Kadlec from sql tips. Unfortunately, with all of the security changes in SQL Server 2005, no default role is available to execute all stored procedures in a given database. Quite sure the same applies to SQL SERVER 2000. But there is a solution looking at the script below: Just pass in the loginname below to ...
Download the design template here. In my role, I am lucky enough to get to design lots of very cool software to solve (sometimes difficult) business problems. Many times, these applications involve design solutions that leverage SharePoint technologies. In this series, I will be discussing some of the design patterns and documentation patterns that I have encountered in my applications. Disclaimer: this documentation is given as-is, so please use it and modify it as needed to meet your needs. This ...
In this issue: Silverlight SDK, Shawn Oster, Jeff Wilcox, Bart Czernicki, David Anson, Jonathan van de Veen, and Kevin Dockx. Shoutouts Adam Kinney has a link out to NEC Biglobe’s Deep Zoom multi-layered photo viewer, and they've done some cool effects on it. From SilverlightCream.com: Advertising with Silverlight The Silverlight SDK has a post about Advertising with Silverlight, and a link out to a guide for doing so. Working with Units of Measure in a NumericUpDown Shawn Oster takes on the NumericUpDown ...
When you click the print button from the ReportViewer control (Sql Server 2005) you get the error: Unable to load client print control. I never had this issue with ReportViewer control (Sql Server 2000). After doing some research it came out that there were many solutions to this depending on your environment. 1) Installing the RSClientPrint.Cab which can be found in the program Files\MSSQL Server\Reporting Services\ReportSerer\bin\.. folder. But with this you would have to deploy this cab to all the ...
I have had Windows Vista Ultimate installed for some months now and I still wonder what system service I have missed to get a well behaved system. To troubleshoot heavy disk access I use Process Monitor from SysInternals. It is an invaluable tool to find out who did access what on the system. It can monitor every module load, process start, thread creation, registry or disk access and network activity you can imagine. If you are developing unmanaged code you can even view the call stacks who did access ...
Microsoft's SDL Optimization model is for moving your organization along in their Security Development Lifecycle. The SDL is really born out of a lot of lessons learned and pain realized by Microsoft over the years. The idea is to build into your development process a more security centric focus throughout the lifecycle. The Optimization Model follows this diagram: The idea here is to first determine where your organization is at, figure out where you want to be, and determine how to get there. ...
Dec 6th' 08 I presented ADO .Net Sync services at the Tampa code camp. This was my 6th presentation on same topic in as many months and except Orlando Tech Ed I did not see enough developers interested in Sync services. At first it was kind of disappointing to see just 15 developers in the session but then I realized that there were few other sessions running parallel and the one that had biggest crowd was MVC architecture in ASP .net. I guess that's true for winform or smart client development. ...
Learn how to make it better by attending next week's Orlando DotNetNuke User Group Meeting. Microsoft MVP Consumer Security (2004-2009), Janie Whitty, aka Calamity Jane, will be speaking about Malware and how it affects you and your customers. Janie is best known by her username Calamity Jane in PC Security circles. She specializes in HijackThis logs analysis and malware removal/prevention and PC security as an Independent Consultant for Lavasoft (makers of Ad-Aware SE) and is a Forum Administrator ...
[Source: http://geekswithblogs.net/E... The combination of .NET Services and SQL Services in the cloud provide a very simple model for implementing massively distributed processing. It's an appealing idea – enterprises of any size have hundreds or thousands of workstations which can be idle for the majority of their time. Assuming a generous average 10% resource utilisation during working hours, workstations which are not powered down are averaging 3.3% utilisation over the working week. ...
I'm really not obsessed with performance -- honest! However, when a co-worker asked me today whether exception handling was an acceptable way of coding defensively, my reaction was rather predictable. Exceptions are pure evil, and should be... well, exceptional. Yes, you guessed it. The next question was "How bad is try/catch really?" The short answer is that it involves minimal overhead... unless an exception is thrown. In that case, the .NET exception handling mechanism does a few nice things, like providing ...
As one of the books part of the 75 centimeters of MS Press books I won as Speaker Idol at TechEd EMEA Barcelona I selected the training kit for the WCF Exam (70-503). Here's my review on this book. You can buy the book at http://www.microsoft-press.... Included in the book is : - a DVD with Visual Studio 2008 Professional Edition (90 day evaluation). Nice to have for people without VS2008 at their work environment and want to learn WCF and prepare for the exam. - ...
In this issue: Timmy Kokke, Martin Mihaylov(2), CASON Engineering Plc., Bryant Likes(2), and Stefan Olson. Since I had seven submittals, I decided to do them first today and post my web-scrapings later :) From SilverlightCream.com: Silverlight Without XAML I'm not sure Timmy Kokke has a blog... if he does, send it to me, I'd like to track this. He has ripped page.xaml and app.xaml out of the project and is building his app in code behind ... interesting. My OutlookBar is pretty close to that... all ...
I recently had a request from a client for an application that could be distributed and run from a USB memory stick. I wrote it in .NET of course, but some of the target machines don’t have the .NET framework installed (it’s getting more common, but it’s not ubiquitous yet). This wouldn’t have been a problem if we were installing the application because the installer would have taken care of that for me, but because it was designed to run from the USB memory stick I needed to write a bootstrap that ...
This is in response to a post by John Viega entitled “Why Microsoft’s free AV won’t matter”. Yes, Microsoft failed with OneCare. But I don’t agree with John on why. (Keep in mind John works for a company that produces AV software, so he is biased, even if he is knowledgeable.) Let’s look at the three major different kinds of anti-virus users. Type A – Anti-What-Now? A large number of consumers don’t care about anti-virus. They might know what it is “sort of”, and they may want to know that their ...
Goal Ensure your developers build code to meet the spec (the contract of customer requirements) in a timely manner Ensure your developers build code changes that don’t break the spec and that pass functional requirements Ensure your developers build code which is robust (not fragile) and that meets design and code quality guidelines The Spec Make sure that the technical analyst provides appropriate specs! Keep it deliverable – compile-able. No point building mounds of UML diagrams that don’t stay ...
Being a user group leader (Bartlesville .NET User Group) I get a lot of messages for recruiters looking for jobs. Given the current market situation I like to pass these on. This one looks pretty interesting. If you are interested give Darbi a call and let him know I sent you: Know anyone (maybe you) who might be interested in the following position? It is located in Oklahoma City, Oklahoma. It is a direct hire position with a great company. If you are interested or know someone who is, send me a ...
In working through an issue with workflow I stumbled across an interesting 'feature' of workflow and MOSS. Essentially I have a "Project Sites" root web where I am creating child sites via a workflow: Project Sites Child Site 1 List 1 List 2 In these child sites I am creating some lists and setting alerts on them based upon things that happen in the workflow. In attempting to create an alert on a list, I received a "List does not exist" error. In stepping through the code and inspecting all the objects ...
Here is a list of the more meaningful tools and extensions which I have downloaded and enjoyed this year: Google Search Bar + Bookmarks XML Notepad 2007 (Microsoft, free) Tail 4.2.12 NUnit for Windows WebServiceStudio/SoapBits BizTalk ScheduleAdapter (Scheduled Task Adapter) http://www.codeplex.com/Biz... Microsoft Enterprise Library 3.x Camtasia Studio System Tools Unlocker http://ccollomb.free.fr/unl... .Net Reflector http://www.red-gate.com/pro... Process ...