April 2010 Blog Posts
A couple of mistakes in chapter 8. On page 197 the command to create a user within a database needs more explanation, so the whole paragraph should read: Adding a user to a database. Just because a login exists and can connect to SQL Server, it doesn’t gain access to any databases. You must first grant an account access to the database. You can do this with the following SQL command: USE [exampleDatabase] GO ...
Quick thought - I'm beginning to think this sharing of PI is like free love in the 60s. Those of us who are older just don't understand it. And I’ll bet, just like free love, in 10 years' time some of the practitioners will be stuck with consequences they can never get rid of.
So now our fit and finish sprint is finished (my PM, Frank, has published the results which demonstrate that, well, fit and finish is never, errr, finished), I’ve been doing some thinking and experimenting. Two things came out of the MVP summit this year: 1) we want logging which isn’t the Enterprise Library and 2) we want to write our own WPL plugins (more specifically, a particular Developer Security MVP wanted to write a SQL Injection detector for MySQL). This week was scheduled to be a lazy week, as we work around planning meetings for sprint 2, so I...
This is fun. Network Solutions, not known for their wonderful hosting setup, messed up WordPress configuration and file permissions, and basically allowed people hosting on their servers to read everyone else’s authentication information. When it was discovered, NetSol tried to spin it as a WordPress problem. WordPress are pissed. But what’s amusing, to me anyway, is their talk of crappy configuration – which they justify with the following: WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server...
As if taking DDD to Ireland wasn’t foreign enough, little Alex Mackey is organising DDD Melbourne (or rather ǝuɹnoqןǝɯ ppp). The call for submissions is now open, and as an encouragement for Aussie speakers I’ll buy, sign and send a copy of my book to the first speaker submission which includes a comparison of Alex to a particular fictional Middle-earth character … Like all DDD events, DDD Melbourne is: Free! Run on a Saturday, so no need to get time off work. Open - sessions...
Phil Haack has just blogged how to write an encoding provider for ASP.NET 4.0 which uses AntiXSS. He beat me to it – one of the reasons I’ve switched WPL to VS2010 is so I can include an assembly which does this in the next public release. Encoding providers will work for both ASP.NET 4.0 WebForms and MVC applications, but the HttpEncoder class only encodes HTML, HTML attributes, HTTP headers, URLs and URL paths. If you’re using the JavaScript encoding bits you’ll still have to do that manually. The decoding functionality will be passed down to the .NET framework...