Monthly Archives: December 2011

Helpful PetaPoco Template Modifications

I’ve been experiencing with Micro ORM products on the market in the open source realm as of recent.  Two of the products a colleague of mine recommended were PetaPoco and Dapper.  In researching the two, I really liked some of the features of PetaPoco, and hence I decided to go with this product instead.  PetaPoco’s implementation is simple; download the package from GitHub or Nuget and install it on your machine.  PetaPoco comes in the form of 3 T4 templates (one master and 2 related templates) to generate the PetaPoco components (which you have full access to) and the data access components that map to your database.  Since these are T4 templates, you have control over the customization.

Because I wanted to optimize some of the speed performance improvements of PetaPoco, some of the convenience features are gone, such as automatically generating the select parameters, named parameters for queries and stored procedures, etc.  This means I’ll use the select option like the following:
new Sql() .Select(“*”) .From(“Users”) .Where(“IsActive = 1″)

However, instead of defining * as a convenience, I wanted to include all of the parameters names since * can perform slightly worse than named parameters; however, defining each column is harder to keep track of as table definitions change.  Therefore, the alternative I chose was to add some additional methods to the template, to handle this for me.

Before we get to that, let’s look at what PetaPoco requires.  In my project, there are three templates, the first is the master template named Database.tt.  It’s not critically important to understand what goes on in here except for the first section which has common settings:
// Settings ConnectionStringName = “DB”; Namespace = “My.DataAccess”; RepoName = “MyContext”; GenerateOperations = true; GeneratePocos = true; GenerateCommon = true; ClassPrefix = “”; ClassSuffix = “”; TrackModifiedColumns = true;

ConnectionStringName is important and must match a connection string defined within the app.config of the project.  Namespace determines the namespace o the components, and RepoName is the name of the custom database class generated.  PetaPoco uses an approach similar to LINQ to SQL or Entity Framework, where the core DataContext/ObjectContext classes are inherited from in the designer, creating a new, customized context class.

The additional options control whether to generate certain pieces of code (the poco component, common method operations, etc.), and how to modify the POCO’s being generated.  The shell of the custom database class appears below:
namespace My.DataAccess { public partial class MyContext : Database { public MyContext() : base(“DB”) { CommonConstruct(); } }

The next template we’ll look at is PetaPoco.Generator.include, which contains the definition of the POCO objects.  It’s this template that we can customize the process to add additional features, and make the process smooth.  At the top is the T4 template for generating the custom Database class as shown above.  Later on below is the template for each POCO, which looks like this:
<# if (GeneratePocos) { #> <# foreach(Table tbl in from t in tables where !t.Ignore select t) { #> [TableName("<#=tbl.Name#>")] <# if (tbl.PK!=null && tbl.PK.IsAutoIncrement) { #> <# if (tbl.SequenceName==null) { #> [PrimaryKey("<#=tbl.PK.Name#>")] <# } else { #> [PrimaryKey("<#=tbl.PK.Name#>", sequenceName="<#=tbl.SequenceName#>")] <# } #> <# } #> <# if (tbl.PK!=null && !tbl.PK.IsAutoIncrement) { #> [PrimaryKey("<#=tbl.PK.Name#>", autoIncrement=false)] <# } #> [ExplicitColumns] public partial class <#=tbl.ClassName#> <# if (GenerateOperations) { #>: <#=RepoName#>.Record<<#=tbl.ClassName#>> <# } #> {

PetaPoco can use attributes to identify the DB table name and primary key column name, if that option is enabled.   The partial class definition is where the meat of the generation options are.  This is where I added 3 additional items.
public static string GetPrimaryKeyName() { return “<#=tbl.PK.Name#>”; } public static string GetTableName() { return “<#= tbl.Name #>”; } public static string[] GetColumns() { return new string[] { <# for(int i = 0, len = tbl.Columns.Count; i < len; i++) { Column col = tbl.Columns[i]; if (!col.Ignore) { #> “<#= col.PropertyName #>”<#= (i != tbl.Columns.Count – 1 ? “,” : “”) #> <# } } #> }; }

The first method creates a static reference to the name of the primary key.  The second option creates a static reference to the name of the table, and the last option retrieves all of the names of the columns as an array.   The benefit to this option is it’s not reflective, it’s generated with the code gen and therefore compiled and not evaluated at runtime, making it still a pretty fast operation.  And I can update my SQL statement like the following:
new Sql() .Select(Users.GetColumnNames()) .From(Users.GetTableName()) .Where(“IsActive = 1″)

And, if I want to use the Save override that takes the table name and PK name, I can use this:
var db = new MyContext(); db. Save(users.GetTableName(), users.GetPrimaryKeyName(), poco);


To go even further, for selecting, we can generate the shell select statement as such:

public static Sql GetSelectSql() { return new Sql() .Select(GetColumns()) .From(GetTableName()); }


This makes it even easier to craft your select statements. You would have to use these options if you disabled certain features (like auto generation of select statements) of the database to improve performance.  I hope this helps illustrate how we can use code generation to help improve our applications.

Windows 8 – Beta version targeted for February 2012

http://redmondmag.com/articles/2011/12/07/windows-8-beta-coming-february.aspx

QUOTE: Microsoft will release the beta of Windows 8 in late February, a company official announced yesterday.  The announcement came as part of a talk on Microsoft’s upcoming Windows Store, which will be the online selling presence for Windows 8 “Metro-style” applications, built on HTML 5, JavaScript, XAML and C languages. Antoine Leblond, vice president of Windows Web Services, disclosed the approximate release period for the Windows 8 beta. Prior to his talk, Microsoft officials had not publicly disclosed it.

Wireless Security – None v WEP v WPA v WPA2

ESET Security offers an excellent analysis on wireless security setup and WPA2 should be used for the best current levels of protection.

Wireless Security – None v WEP v WPA v WPA2 http://blog.eset.com/2011/12/30/could-hackers-break-into-your-wi-fi-wireless-router

QUOTE: You just got a new wireless router for Christmas, but when you set it up it asks about wireless security. Do you want WEP, WPA, WPA2 or any of the other alphabet soup options they give? While it’s easiest to just pick the default setting, are you setting yourself up for trouble from aspiring hackers? And what about the new WPS hack tool – called Reaver – does that make things worse?

NONEMany people never set a password to protect their WiFi, after all it’s just one more password to remember, right? And your neighbors aren’t THAT evil (you hope). On the other hand, if the neighbors use your internet, it could make everything slow down, and if they get malware, it can spread to computers in your house and leave some unwanted gifts which can be quite painful.

WEP — Let’s start with WEP (Wired Equivalent Privacy). WEP is a vast improvement over no password. Think of it like a car with at least the doors locked. The door locks might not be the ultimate in security, but lacking even basic door locks leaves you wide open to thieves, so it’s better than nothing. It will deter simplistic thieves as they may look for other easier opportunities. But if they wanted to crack it, WEP won’t give them much of a workout. Using modern tools, WEP can be cracked in a few minutes, and you’d have a mistaken sense of security that your home and network are protected. So let’s move up the security chain to something beefier that’s also an option on most modern routers, WPA.

WPA/WPA2 — WPA is short for Wi-Fi Protected Access, is tougher to crack. WPA2 was later added, making it even more difficult by toughening the encryption used on the traffic from your computer to the router. This makes it much more difficult for bad actors to intercept and trick your internet traffic into going places other than where you intend. If you have the choice, this is definitely an improvement over WEP, so use this at a minimum, preferably WPA2 if you have the option. Some routers also will give an option of TKIP vs. AES, use AES if you have the choice, it’s more secure.

Happy new year everyone!

Just a quick post to wish you all a happy new year!

Security – Could Transportation sector be impacted in future?

Security – Could Transportation sector be impacted in future?

These articles share some of the needs to strenghten security and privacy controls.  Hopefully, attacks will be prevented

PC Magazine Security – Could Transportation sector be impacted in future?
http://securitywatch.pcmag.com/security/292240-where-will-hackers-strike-next-transportation
http://www.reuters.com/article/2011/12/28/us-trains-security-idUSTRE7BR0C520111228
http://www.mercurynews.com/drive/ci_19633869

QUOTE: Practically every industry these days needs to be prepared for some kind of cyber threat, but the nature of the attacks and how the hackers carry out their assaults is ever-changing. Two news stories that popped onto my radar this week point to the different kinds of potential hacks that might occur, and both have to do with the transportation industry.

ISC – What new security risks will 2012 bring?

http://isc.sans.org/diary/Bye+2011+Hello+2012+what+will+you+have+in+store+for+us+/12301

QUOTE: With the last day of the year well and truly on the way in most parts of the world and almost finished in my part of the world it is probably a nice time to reflect a little bit on the year that was.  On the malware front I predict more of the same.  The basic things are still working, so why change.  Until the basic security controls are in place in most organisations as well as home computers most of the malware will continue to function without too much change in 2012.  We might see more tailored attacks on oranisations and breaking in is as simple as one click in many cases.

Lilupophilupop SQL injection attacks infect over one million pages

Webmasters and administrators should look for any signs of infection from this new SQL injection attack.  In many cases SQL attacks are mitigated through more secure programming conventions. Wild card character processing may allow more openess and convenience in user input, but may also allow SQL injection vulnerabilities).

Lilupophilupop SQL injection attacks infect over one million pages http://isc.sans.org/diary/Lilupophilupop+tops+1million+infected+pages/12304
http://isc.sans.edu/diary.html?storyid=12127

QUOTE: Earlier in the month we published an article regarding the lilupophilupop SQL injection attack. I though it might be a good time to reflect on this attack and see how it is going.  When I first came upon the attack there were about 80 pages infected according to Google searches.  Today, well as the title suggests we top a million, about 1,070,000 in fact (there will be duplicate URLs that show up in the searches. Still working on a discrete domain list for this).

Wish You A Great 2012 Year Ahead..!!

Wishing you all my blog readers a very happy and learning New Year 2012 ahead. I’ll try to come up with more articles in a coming year, so my blog can help mpre and more people to learn and shape up their career path.



 

 

 

 

 

 

 

 

Regards, Awinish & Family

Malware Challenges will continue in 2012

This article discusses the challenges associated with preventing malware
attacks in the coming year.

PC Magazine – Let’s Terminate Malware in 2012
http://securitywatch.pcmag.com/security/292164-let-s-terminate-malware-in-2012

QUOTE: Antivirus research is a cat and mouse problem. Each time the virus writers develop a new technique to spread
malware or steal private data, antivirus experts rush to build countermeasures.
To actually defeat the malware coders, we need to get out of strictly reactive
mode. That requires looking at the motivations that drive malware creators, not
just at their actions.

Malware earned about trillion dollars last year, according
Melissa Hathaway, former cyber-security advisor to the president. Trend Micros’s
researchers report that one malefactor spreading the KoobFace worm earned
$19,000 in a single day. A single attack can involve dozens of individuals or
gangs, each taking a cut of the profit. Trend’s experts put
together a report showing the entire complex economy surrounding modern malware manufacture. Click on the image to see the full
infographic.

Organized computer crime exists to make money. One way to
put the brakes on malware creation is to make it unprofitable. Sure, countering
their technology is one way to cut the profits. A brand-new threat is most
profitable immediately after its release, breaks even after it has spread
enough, and tapers off once antivirus tools start to counter it. Pushing
antivirus detection so it occurs before break-even would definitely cramp their
style.

How to restore the SharePoint Web Services IIS Web Site if accidently deleted

What NOT to do
Extend Web Application to Another IIS Web SIte

This week one of my clients had a particular issue that I found very funny. Turn out that someone a.k.a MySite killer decide to use “SharePoint Web Services” IIS web site to host a new extended web application.  As you may know, “SharePoint Web Services” IIS web site it’s a common web site that other service applications use, so it’s very important to leave intact and without any changes. SharePoint Configuration Wizard a.k.a PSConfig.exe provisions this web site.


But you know, things happen, for those who are new to the platform and are not familiar with the UI they can make mistakes thinking that Use and existing IIS web site is the same that Use an existing application pool. And also once noticing that extended web application is not working you can always remove extended zone and guess what? You will erase the Root folder that SharePoint Web Services IIS web site is pointing and that’s too not good.

Found this amazing article but didn’t work, the reason was that Root folder is missing and IIS web site is not properly referenced. I decide to copy Root folder from other server, dropped on C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14WebServices and run it again. It works properly.

Now client SharePoint farm it’s working just fine.

Hope it helps!


Recent Comments