eWorld.UI - Matt Hawley

Ramblings of Matt

VS.NET 2005 available on MSDN

March 25, 2004 22:33 by matthaw
Yeah, thats right...its ready for you to download.  I'm downloading it at work and at home, both are going to take about 4 hours since its a 2.6GB file.  So, if your a MSDN subscriber, hop online and grab it!

Categories: Whidbey
Actions: E-mail | Permalink | Comments (6) | Comment RSSRSS comment feed

BillG Using SPOT?

March 25, 2004 06:25 by matthaw
So I'm watching BillG's keynote at VSLive, and within the first 10 minutes he talked about the SPOT watch.  My question is, did he wear the watch just for his KeyNote, or does he wear it on a daily basis.  Anyone know?

Categories: General
Actions: E-mail | Permalink | Comments (1) | Comment RSSRSS comment feed

Plugin Release: NewsGator NNTP Plugin v1.0.1

March 25, 2004 03:39 by matthaw

Version 1.0.1 of the NewsGator NNTP Plugin to allow posting to newsgroups has been released.  This version fixes a major bug in the extension when receiving posts in NewsGator.  The previous versions would incorrectly associate bad data to the post, which resulted in incorrect threading of posts.  If you're running the NNTP Plugin, this update is a MUST!

Download Now!



Securing Connection Strings

March 24, 2004 19:18 by matthaw

On Monday, my team at work got together and a pow-wow about security and how we can be more pro-active in developing applications.  As we went through sessions 2 & 3 from DevDays, we had a lengthly discussion on how we should proceed in securing the connection strings.  As most of you know, the OpenHack, and "best" method for securing connection strings, is by using DPAPI to encrypt it, and then store that encrypted string in a ACL'd registry key.

As this is a nice security model to follow, it doesn't work all that well in the development arena, when you have multiple machines that are hosting some version of an application.  As we discussed, we found that it would cause more of a headache when setting up a new application, as we'd have to create those ACL'd registry settings, do the encryption, etc. etc. manually.  Sure, a small application or batch could be used, but its still a pain to have to remember that you need to do it on each machine.

Another major item concerning storing the connection string in the registry, was that it breaks (what we think) the web application line.  By storing specific settings in the registry, you're starting to walk into the windows application arena.  It just doesn't make sense to us to provide that form of security when we feel its crossing that line.

Now, you may be starting to disagree with me, and thats fine.  We're still going to take an approach to encrypt the connection string in the Web.Config file, but not use DPAPI.  But - why wouldn't we want to use DPAPI, you ask?  Well, DPAPI is encryption/decryption is specific to the machine, thus decrypting a string on Machine B would not decrypt properly that was encrypted on Machine A.  (If my understanding is incorrect, please let me know - as this is a major setback for using DPAPI for us).  So, whats the big deal...well, you're going back to the model of having to manually configure each machine again, which isn't that easy to do in some environments.  So, we feel that using a specific encryption algorithm with a key is the best method, since it could be ported from machine to machine without having any problems.

I do have to agree, that if you wanted to take that extra security step by securing your encrypted connection string in a ACL'd registry key, that its a wise choice, however in most cases, its just overkill. Also, you won't ever have the option to do something like that on a shared hosting environment, so most web applications that single developers have, don't provide that form of security.

Well, I think thats all for my rant about securing connection strings, I'd love to hear your feedback.



Categories: General
Actions: E-mail | Permalink | Comments (8) | Comment RSSRSS comment feed

Dogfooding my NNTP Plugin

March 24, 2004 17:23 by matthaw

Yesterday & Today I decided to start being more proactive in newsgroups, and as such I wanted to start dogfooding my NNTP NG Posting Plugin. I definately have to say that reading & responding to newsgroup postings is extremely easy.  Since I really never posted to newsgroups, I never really used it, I just developed it because there was a need in the community for it.  However, after using it several times, I'm definately stoked about it...and I would have to say that dogfooding is always a good idea on whatever application you're using. Maybe I'll find something I like or don't like about it that I can change.  Gotta love it.

Now, to find out how to add my signature for replies...



Installing XP SP2 RC1

March 24, 2004 00:33 by matthaw

Well I thought long and hard all day about installing XP SP2 RC1 on my laptop that I use for work and home.  I think I'm going to take the plunge since I've seen some pretty positive comments about RC1 being pretty stable.  So, lets just hope tomorrow I won't be rebuilding my laptop, and rather be working more securely & testing out SP2.  If I find anything quirky, I'll definately post it.  Wish me luck :)

PS - I hope I have better luck than Graemef.



Categories: General
Actions: E-mail | Permalink | Comments (3) | Comment RSSRSS comment feed

MSDN Security Briefings

March 23, 2004 22:31 by matthaw

I just ran across some free briefings put on by MSDN about security for developers.  It just so happens there's a briefing tomorrow in my town...yay! I'll be there!

Here are the abstracts:

Writing Secure Code - Best Practices
In this session for experienced developers, you will build upon existing knowledge of secure coding best practices to learn about analyzing, mitigating and modeling threats. The session will discuss established threat modeling methodologies and tools and show how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.

Essentials of Application Security
In this session for experienced developers, you will gain knowledge and skills essential for the creation of secure applications. The session will cover important security concepts and discuss the need for implementing security at every stage of the development process. You will learn how to secure data and communications and how to implement effective authentication and authorization methods. You will also learn about application filtering and compatibility issues following software updates.

These sessions don't look to be duplicates of DevDay veterans, which is great.  And, now that my company is on the road to developing secure applications, this is just another step up for me to learn and bring back more information.  Check out the briefings to see if there's one near you!

Update: G. Andrew Duthie has stated that the content is different from DevDays, minus a bit of overlap.  Thats great!



Categories: General
Actions: E-mail | Permalink | Comments (4) | Comment RSSRSS comment feed

Updated Utility: WebDeploy

March 19, 2004 19:50 by matthaw

Updated: Please View this post for the latest version.

WebDeploy has hit v0.7 with a ton of new features (yes again) that are even more appealing to developers.  This updated version is still the same simple windows application that it was, however it has yet again been beefed up tremendously.  Below is a screen shot of the new main form.

New Main Form for WebDeploy

 

Along with a new user friendly look to it, I've also re-done the profile configuration dialog so they're more user friendly to everyone. Below is a screen shot of the profile configuration.

Profile Configuration Dialogs for WebDeploy

 

Like always, I wanted to give you a teaser of the UI before I get to the good stuff, aka the changelog. So, here ya go...

  • New UI design for editing profiles.
  • Added new images to give a more user friendly environment.
  • Fixed old profile information is restored when "Cancel" is clicked when editing profiles.
  • Fixed blank profiles are no longer added when Cancelling a new profile creation.
  • Added deploying to ZIP files now supported, however backup/restore does not work.
  • Added ability to test FTP settings.
  • FTP information is now validated.
  • Added a new dialog and option to view files to be deployed prior to deploying.
  • Added ability to change the destination file name via dialog above.
  • Added ability to selectively choose files to be deployed via dialog above.
  • Added logging and ability to view log within WebDeploy.
  • Added command line functionality, however I had to split the application into 2 pieces.  WebDeploy.exe is the console app, that can call WebDeploy-GUI.exe if /u parameter is not specified.
  • Fixed random error message attempting to create directories via FTP.

Like always, WebDeploy is freeware, and the source code is not available.  If you have any further suggestions/comments/ideas/problems, please do not hesitate to contact me or post them on this blog post.

If you wish to download WebDeploy, click here. You will need the .NET Framework 1.1.4322 to run WebDeploy.



Categories: Unleash It
Actions: E-mail | Permalink | Comments (21) | Comment RSSRSS comment feed

Interim VS.NET 2005 Build Next Week

March 18, 2004 00:28 by matthaw

C|Net is reporting that a new interim "technology preview" of Visual Studio 2005, aka "Whidbey", will be distributed next week at VSLive in San Fransisco.  This is awesome!  I hope they plan on releasing that same build to MSDN subscribers.  Any word from the Microsoftee's ?



Categories: .NET
Actions: E-mail | Permalink | Comments (1) | Comment RSSRSS comment feed

Made it on Short Takes

March 17, 2004 17:24 by matthaw

I just received my latest "Developer Central" newsletter put together by Mike Gunderloy.  And much to my amazement, WebDeploy was featured in the "Short Takes" section.

"WebDeploy 0.6 is a tool to make moving ASP.NET solutions to servers easier. http://weblogs.asp.net/mhawley/archive/2004/03/08/85986.aspx"

Thanks Mike! I guess its time to setup a new page for WebDeploy :)

Categories: Unleash It
Actions: E-mail | Permalink | Comments (0) | Comment RSSRSS comment feed


Copyright © 2000 - 2014 , Excentrics World