Developing for the web – HTML5 vs RIA plugin

 


I’m interested to see what people’s thoughts are on web development, where it’s heading, and whether HTML5 is a valid replacement for Flash, Silverlight, Pivot and JavaFX.

To start the discussion from one end (and to advocate at least one perspective, playing devil’s advocate here), I don’t think HTML5 will replace the RIA plug-ins.

I know that one of the aims of HTML5 is to eliminate the need for those plug-ins in the browser today.

Do you believe it’ll fully eliminate the need for those plug-ins? Personally, my opinion is that it won’t. The capabilities offered via those plug-ins far exceed the capabilities offered by HTML5 to date (remember, HTML5 is still beta/draft etc.).

Now it is obvious that HTML has had an upgrade pending since the last release and this is definitely a step in the right direction.

What’s your take on it?

 

Securing your application. Part 2 – Securing your data

We’ve just had a look at how to secure your connection in Part 1, so obviously everything is now all hunky-dory on that end.

Some of the other areas that you naturally have to look at are the environment/infrastructure/network and your data itself. It’s not much use to encrypt and secure the data that you’re transferring if the actual data itself isn’t protected.

“What?” I hear you say. “My IT guys have got that under control... firewalls up the wazoo... everything’s patched and service packed!”

Of course that’s not really enough, and we know this – we just sometimes choose to leave that in the hands of those other people – network engineers.

If we look at SQL Server 2008, there are a lot of new capabilities available to us for data security.

SQL Server 2008 Encryption Capabilities

  • In-built cryptography hierarchy for the creation of asymmetric and symmetric keys as well as certificates
  • Transparent Data Encryption (using database encryption keys – DEK)
  • Signing of code modules (using keys or certificates)

Creating certificates

It’s not that complex to create a certificate on SQL Server 2008 (btw, all SQL Server certificates comply with the IETF X.509v3 certificate standard); it’s as simple as using T-SQL.

Self-signed certificate

CREATE CERTIFICATE name ENCRYPTION BY PASSWORD = 'strong password goes here' WITH SUBJECT = 'subject goes here', EXPIRY_DATE = 'expiry date goes here';

Certificate from a signed executable file

CREATE CERTIFICATE name FROM EXECUTABLE FILE = 'file path goes here.dll';

Certificate from a file

CREATE CERTIFICATE name FROM FILE = 'file path goes here.cer' WITH PRIVATE KEY (FILE = 'file path goes here.pvk', DECRYPTION BY PASSWORD = 'strong password goes here');

Using Transparent Data Encryption

TDE is a real-time, physical I/O encryption/decryption of both the database file and the log file – this is done by using the database encryption key (DEK).

The DEK is stored in the boot record and is a symmetric key which is also secured by a certificate.

It’s important to note that TDE does not encrypt the transfer of data (i.e. it encrypts the data itself, but not the connection/network communication) and that you should always back up the certificate and its private key.

The simple steps of using TDE are:

  • Create master key
  • Create certificate protected by said master key
  • Create database encryption key and protect it with the certificate we created earlier
  • Set ENCRYPTION to ON for the database

This is again done with T-SQL:

USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'strong password goes here';
GO
CREATE CERTIFICATE name WITH SUBJECT = 'subject for the certificate goes here';
GO
USE database_name;
GO
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = algorithm_choice_here ENCRYPTION BY SERVER CERTIFICATE name_from_certificate_we_just_created;
GO
ALTER DATABASE database_name SET ENCRYPTION ON;
GO

There are several algorithms you can use to create the database encryption key:

  • AES_128
  • AES_192
  • AES_256
  • TRIPLE_DES_3KEY

 —————————————————————————————–

Securing your application. Part 1 – Securing your connection
Securing your application. Part 2 – Securing your data

Securing your application. Part 3 – Securing your code (coming)

Securing your application. Part 1 – Securing your connection

I guess this is one of my pet hates/loves – too often I come across applications that make their database connection strings freely available to anybody who knows where to look.

As a junior developer, the main focus is generally just to secure the connection string and leave it at that – the IT guys know what they’re doing. But untold amounts of data are being transferred across domains, networks or even in public, without any thought for how that data is secured.

I’m sure many who’ve worked in the finance industry (banking, anyone?) are aware of how important it is to secure that data... we’re dealing with money here, so it’s obvious that it needs to be safe.

So, how do we do it? Or do we care? I mean, the famous last words of any application exposed to the public are “it wouldn’t happen to me, right?”.

Where do we start? 

Encrypting web.config connectionstrings

The obvious first choice would be to take whatever details you’re storing in your config files and make them unavailable – check (web.config isn’t readable from the web... or is it?).

Naturally we don’t want to encrypt everything – so let’s just do the sections that are important for now.

Connection strings, encrypt:

aspnet_regiis -pe "connectionStrings" -app "/AppName" -prov "RsaProtectedConfigurationProvider"

Connection strings, decrypt:

aspnet_regiis -pd "connectionStrings" -app "/AppName"

Now we’ve encrypted the connection string – data is safe... nah, of course not – this only encrypts that section of the web.config with a machine-level key. Data is still being transferred between servers in plain text.

Next is a simple way to ensure that your data is being encrypted – get hold of an SSL certificate and use the SqlClient connection string’s Encrypt feature. This ensures that all data sent between the client and server is encrypted.
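Checking from the server side which sessions are actually encrypted, as an added example that is not part of the original post. The server and database names in the comment are placeholders, and the queries need VIEW SERVER STATE permission.

```sql
-- Added example. Client side, the SqlClient connection string would carry:
--   Server=dbserver;Database=AppDb;Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=False
-- (dbserver and AppDb are placeholders). TrustServerCertificate=False makes
-- the client validate the server certificate instead of accepting any.

-- Sessions whose traffic is NOT encrypted. Shared memory connections are
-- local to the server and never cross the network, so they are skipped.
SELECT  s.session_id,
        s.login_name,
        s.host_name,
        s.program_name,
        c.client_net_address,
        c.net_transport,
        c.auth_scheme,
        c.encrypt_option
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s
        ON s.session_id = c.session_id
WHERE   c.encrypt_option = 'FALSE'
  AND   c.net_transport <> 'Shared memory'
ORDER BY s.login_name, s.host_name;

-- Per-application summary: an application that shows up under both TRUE
-- and FALSE still has at least one connection string without Encrypt.
SELECT  s.program_name,
        c.encrypt_option,
        COUNT(*) AS connections
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s
        ON s.session_id = c.session_id
GROUP BY s.program_name, c.encrypt_option
ORDER BY s.program_name, c.encrypt_option;
```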

What other methods do you use/know that can make your application connections more secure?

There are many ways to skin a cat – but you have to start somewhere...


Geeky Family Counselling, Boyfriend 5.0 upgrade to Husband 1.0

I had this sent to me yesterday and thought you might like to have a bit of a giggle!
——————————————————————————–

INSTALLING A HUSBAND
Dear Tech Support,

Last year I upgraded from Boyfriend 5.0 to Husband 1.0 and noticed a distinct slow down in overall system performance, particularly in the flower and jewellery applications, which operated flawlessly under Boyfriend 5.0.

In addition, Husband 1.0 uninstalled many other valuable programs, such as
Romance 9.5 and Personal Attention 6.5, and then installed undesirable programs such as

NBA 5.0,
NFL 3.0 and
Golf Clubs 4.1.

Conversation 8.0 no longer runs, and Housecleaning 2.6 simply crashes the system.
Please note that I have tried running Nagging 5.3 to fix these problems, but to no avail.

What can I do?

Signed,
Desperate.
——————————————————————————–

DEAR DESPERATE,
First, keep in mind, Boyfriend 5.0 is an Entertainment Package, while
Husband 1.0 is an operating system.

Please enter command: ithoughtyoulovedme.html, try to download Tears 6.2, and do not forget to install the Guilt 3.0 update.

If those applications work as designed, Husband 1.0 should then automatically run the applications Jewelry 2.0 and Flowers 3.5.

However, remember, overuse of the above application can cause Husband 1.0 to default to Grumpy Silence 2.5, Happy Hour 7.0, or Beer 6.1.

Please note that Beer 6.1 is a very bad program that will download the Snoring Loudly Beta.

Whatever you do, DO NOT under any circumstances install Mother-In-Law 1.0 (it runs a virus in the background that will eventually seize control of all your system resources.)

In addition, please do not attempt to reinstall the Boyfriend 5.0-program. This is an unsupported application and will crash Husband 1.0.

In summary, Husband 1.0 is a great program, but it does have limited memory and cannot learn new applications quickly. You might consider buying additional software to improve memory and performance. We recommend:

Cooking 3.0 and
Hot Lingerie 7.7.

Good Luck!
Tech Support

LIDNUG: Scott Guthrie Talks Shop IV recording now live

After yet another fantastic session with Scott Guthrie last week, we’ve uploaded the recording from the session.

The man just simply doesn’t stop amazing me – his depth of knowledge is phenomenal, to put it mildly.

Naturally the upcoming releases of Visual Studio 2010, ASP.Net 4, .Net 4, Silverlight 4 etc were the most prominent topics for questions put Scott’s way.

To download the recording, go to our unofficial web site – www.lidnug.org/presentations.aspx

While you’re there, why not download Joe Albahari’s session recording – What’s new in C# 4.0 – this was probably one of the best technical sessions we’ve had yet.

The Rangers shipped Visual Studio 2010 TFS Upgrade Guide

Finally!!! I got a TFS 2008 setup (multi-server environment) here and we’re in the process of tackling the (historically that is) dreaded TFS upgrade…so it simply just couldn’t come at a better time!

Pure Gold: Visual Studio 2010 TFS Upgrade

Visual Studio 2010 TFS Upgrade Guide
Welcome to the Team Foundation Server (TFS) 2010 Upgrade Guide. This guide covers scenarios which may be encountered during and after the upgrade process. It provides examples of most common and potential issues. It covers scenarios related to general Upgrade Process, Work Item Templates, Reports, and Enterprise TFS Management (ETM). Although this guide refers to TFS 2008 scenarios, almost all the concepts apply also to TFS 2005.

Visual Studio ALM Rangers
This guidance is created by the Rangers who have the mission to provide out of band solutions for missing features or guidance. This content was created with support from Microsoft Product Group, Microsoft Most Valued Professionals (MVPs) and technical specialists from technology communities around the globe, giving you a real-world view from the field, where the technology has been tested and used.

What is in the package?
A single document with the following contents:
1 Introduction
2 Upgrade Process
3 Scenarios
3.1 Upgrading Projects from Multiple TFS 2008 servers into one TFS 2010 server
3.2 Upgrading servers when SQL Mirroring is enabled
3.3 Recovering system if upgrade fails midway
3.4 Updating Team Project Portal for an existing Team project
3.5 Splitting Team Project Collection into Multiple Collections
3.6 When I move a Team Project Collection, how do I move the reports?
3.7 Bringing Workgroup Machine inside Domain
4 Frequently Asked Questions
4.1 Can I use a TFS2008 Process Template to create team projects in TFS 2010
4.2 How can I enable Agile Workbooks in upgraded Projects
4.2.1 Enabling the Product Backlog Workbook
4.2.2 Enabling the Iteration Backlog Workbook
4.3 How can I enable Test Case Management in upgraded project
4.4 How can I enable Branch Visualization in upgrade projects
4.5 How can I enable Lab Management in upgrade projects
4.6 What is WIT Admin Tool
4.7 What happens to my custom reports created in TFS2008 post upgrade?
4.8 Will my old TFS2008 reports work post upgrade?
4.9 Can I add a new Database to my existing TFS 2010 farm?
4.10 Error bringing cloned Team Project Collection online
4.11 Move Team Project Collection Database from one Database server to another Database Server
4.12 How to enable the TFS reports if the WSS server is upgraded to MOSS server?
4.13 How to Move Team Projects from one Team Project Collection to another
5 References

LIDNUG: What’s new in C# 4.0 with O’Reilly author and MVP, Joe Albahari

The Linked .Net Users Group is putting on a huge range of “shows” in the next couple of months – starting with an absolute kick-ass presentation by Joe Albahari (www.albahari.com), the author of C# 3.0 in a Nutshell and the upcoming C# 4.0 in a Nutshell, plus not to forget he’s the creator of one of the best LINQ tools out there – LINQPad.

Yes, I know that it’s on Australia Day here, but it’s at 7AM – not quite drunk yet, and what better way to kick off the day than with some supreme geekdom!

About the event:

Title: What’s new in C# 4.0
Venue: Live Meeting
Date: January 26, 3PM PST
Cost: FREE (duh!)
Presenter: Joe Albahari (http://www.albahari.com)

Joe Albahari, author of C# 3.0 in a Nutshell, is a software architect and developer with 17 years’ experience in the health, education and telecommunication industries.

He is currently a Systems Architect at Technosis in Australia.

Joe has a keen interest in LINQ, and is author of LINQPad – the code snippet IDE for interactively querying databases in LINQ.

He specializes in integrating LINQ into corporate multi-tier applications and creating extensions to maximize query composability.

Joe is also a C# MVP.

About the event: C# 4.0 introduces some of the most controversial new language features to date – including optional parameters, named arguments and (horror) dynamic typing!

In this presentation, Joe will demonstrate C# 4.0’s new features in a practical context, exploring potential uses, benefits, traps and best practices.

You’ll see a novel design pattern that may change your opinion on dynamic programming, and also how C# 4.0 simplifies interop with Office, COM and dynamic languages such as Python.

Register for the event:
http://events.linkedin.com/LIDNUG-Whats-new-C-4-0-Joe-Albahari/pub/208474

MSDN AU Book club, Big algorithms made easy with F# (presented by Joel Pobar)

Microsoft Australia is really kicking off this year – seeing more and more this year – and it’s only January!!!!

Now, the fellas are going all out and throwing the MSDN Australia team in gear by launching the MSDN Australia Book Club – this event is organised by Andrew Coates.

First up is Joel Pobar who’s going to run through his awesome presentation “Big Algorithms made easy with Microsoft F#”.

Here’s some more information if you’re interested:

http://blogs.msdn.com/chlong/pages/msdn-book-club.aspx

Want to be first with the MSDN AU news? Why not join the MSDN AU LinkedIn Group and get the scoops straight away!

LIDNUG: A lap around Telerik Developer Tools for Web Developers

First event for LIDNUG in 2010 – Telerik is sending their very best: Todd Anglin.

A fellow MVP and also Telerik Chief Evangelist, Todd Anglin’s known for his huge contributions to the community as well as his book “Introducing Silverlight 1.1” which was released in June 2009.

As usual, this is a Live Meeting event and will be recorded.

About the event:

Title: A lap around Telerik Developer Tools for Web Developers
Venue: Live Meeting
Date: January 7, 11:00AM PST
Cost: FREE (duh!)
Presenter: Todd Anglin (http://blogs.telerik.com/ToddAnglin/Posts.aspx)

Todd Anglin is an active .NET community member, President of the North Houston .NET User Group, an O’Reilly author, Microsoft MVP and Telerik’s Chief Evangelist.

At Telerik, Todd is responsible for educating Telerik’s global community of developers and helping ensure Telerik’s products serve the needs of .NET developers around the world. In the general .NET community, Todd is an active author and speaker, focusing primarily on ASP.NET and Silverlight.

About the event:

As pragmatic developers, we want to find ways to minimize the time we spend writing “standard” code so we can maximize the time we spend writing code that makes our businesses money.

Telerik offers many tools and components designed to enable just that: maximum developer productivity. Come join Telerik Chief Evangelist and Microsoft MVP Todd Anglin for a quick lap around the various tools and components Telerik now makes to maximize the speed of web development.

Everything from advanced server controls for ASP.NET AJAX to modern UI extensions for ASP.NET MVC to related tools like OpenAccess ORM and Telerik Reporting will be covered. Come figure out how these tools can be used together for great results in your next project.

Two Telerik Premium Collection licenses will be given away to randomly selected attendees of this session.

Register for the event: http://events.linkedin.com/LIDNUG-Lap-Around-Telerik-Developer/pub/147370