My blackberry just threw an exception. The consumer in me thinks oh, $%^@#$. The programmer in me thinks that's so cool, I wonder what did it. A hard boot got the thing going again.
Monday, June 30, 2008
Wednesday, June 25, 2008
User Login, Create User, Send Password close to done
The basics for the login pages are done. A few more tweaks and that will be done.
It might seem like I take forever but in truth, I don't have many hours a week to give to this pet project right now. I hope to have more time this fall.
Friday, June 6, 2008
The Dark Side of Extension Methods
In my quest to find a suitable generic update method for a generic LINQ Data Access class I have found a decent amount of code and even more theories (sans code). Some good, some verbose, and a lot bad. It seems that Extension Methods are a fan favorite for just about everything nowadays and I wasn't surprised to see Extension Methods being used for LINQ to SQL updates.
In reading about Extension Methods I have heard good and bad feedback. The good usually involves the convenience of bypassing a utility class and the bad involving code readability / maintainability. Forgive me for I am the William Hung of LINQ as I have had no formal training in this arena, but IMHO Extension Methods are a pain-in-the-ass when ExtensionMethodA returns the result of ExtensionMethodB which depends on the output of ExtensionMethodC which ..... Here is an example of what I am talking about in pseudo-code:
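using System;
using System.Collections.Generic;
using System.Data.Linq;

// Extension methods must be declared in a non-generic static class.
public static class TableExtensions
{
    // Update() relies on Foo(), which in turn relies on Bar().
    public static bool Update<T>(this Table<T> table, T instance) where T : class
    {
        try
        {
            // do stuff here with parameters...
            return table.Foo() > 0;
        }
        catch (Exception)
        {
            return false;
        }
    }

    public static int Foo<T>(this Table<T> table) where T : class
    {
        return table.GetEnumerator().Bar();
    }

    public static int Bar<T>(this IEnumerator<T> e) where T : class
    {
        return 1;
    }
}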
Horrible example yes and for that I apologize. Hopefully you see where I am going with this and that if you are given a similar codebase it can be quite confusing. When I first heard of extension methods I thought they were for simple utility tasks such as outputting a decimal value as a dollar amount (again, doesn't REALLY warrant an extension method but...):
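public static class DecimalExtensions
{
    // Formats the value with the current culture's currency format.
    public static string PrintWithDollarSign(this decimal input)
    {
        return input.ToString("c");
    }
}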
Simple. Effective. Here's how you would use:
Console.WriteLine(instance.Price.PrintWithDollarSign());
Cheap. No frills. I could have just bypassed this extension method altogether but it provides a very "Hello World"'y introduction to extension methods for those of you not hip to them. In my previous example if you had an object with a decimal property and the value was 5.00 the output would be $5.00. Easy.
Anyone care to chime in on extension methods relying on other extension methods? I'd love to get some feedback.
Thursday, June 5, 2008
Adding unique indexes to SQL Tables
Now that I'm digging a little deeper into my pet project web site, I'm learning how I really use the data. The Get() methods provided by .netTiers are great but I thought I would have more. I started looking at my database starting with the aspnet_Membership tables. I would expect unique indexes on something as obvious as the email column but it is not there. Same goes for other obvious columns in these Microsoft-provided tables. So I add unique indexes to the membership tables. Of course, I do the same for my own custom tables and find that some of the text or varchar(max) have to be changed. No biggie but another step I have to take.
Now that the database is set, I need to regen the .netTiers templates, rerun the GrantUser stored proc, build the .netTiers stuff and copy it into the /bin of my project. Not hard work but just tedious to get each step completed and move on to the next one. All this so my .Get methods are consistent with my usage of the library.
All this so I can get my validators working - I really hate validators.
Wednesday, June 4, 2008
New SQL security finds web.config hole
Yesterday, I was reading the MSDN FLASH email newsletter and saw a listing for another SQL injection article. Since one of Wayne's sites was recently hacked, I thought I would read it. The article is clear and gives explicit steps to take. Since I had only done one of the three things (SQL stored procs), I thought I would mess with the last one: execute permissions only.
Wayne pointed me to a stored proc to grant permissions to a user. Since users and roles are one of those areas that after you have them set up correctly, you don't mess with them, I stumbled my way through creating a user. I ran the stored proc (which will have to be run after every .netTiers generation), modified my sql connection in web.config and tried my pet project site. I get an error about SELECT statements and permissions. .netTiers was supposed to be configured in web.config to use stored procs but apparently not. So I change the file, build, and still get the error. Someone, somewhere is caching something. Close everything down. Reopen. Change web.config and check in with comment. Test again and it works.
This is a really bad way to find a problem. It's getting to the point that I need someone to check my security changes so this type of thing isn't missed.
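One way to set up and check the "execute permissions only" step from this post, as an added example that is not from the original post or from the stored proc it mentions. It is T-SQL for SQL Server 2005 or later; the login, user and role names and the password placeholder are assumptions, and it assumes the generated procedures and the tables all live in the dbo schema.

```sql
-- Added example. PetProjectWeb and WebExecuteOnly are hypothetical names.

-- 1. A dedicated login and database user for the web site.
--    CREATE LOGIN needs a server-level permission; run the rest in the app database.
CREATE LOGIN PetProjectWeb WITH PASSWORD = '<replace-with-strong-password>';
CREATE USER PetProjectWeb FOR LOGIN PetProjectWeb;

-- 2. A role that holds EXECUTE and nothing else.
--    A schema-scoped grant also covers procedures created later in dbo,
--    so it does not have to be reapplied after code is regenerated.
CREATE ROLE WebExecuteOnly;
GRANT EXECUTE ON SCHEMA::dbo TO WebExecuteOnly;
EXEC sp_addrolemember 'WebExecuteOnly', 'PetProjectWeb';

-- The procedures can still read and write dbo tables through ownership
-- chaining. Dynamic SQL inside a procedure breaks the chain and is checked
-- against the caller's own permissions.

-- 3. Check the effective permissions as the web user (1 = held, 0 = not held).
EXECUTE AS USER = 'PetProjectWeb';
SELECT
    HAS_PERMS_BY_NAME('dbo', 'SCHEMA', 'EXECUTE')                  AS CanExecuteProcs,
    HAS_PERMS_BY_NAME('dbo.aspnet_Membership', 'OBJECT', 'SELECT') AS CanSelectTable,
    HAS_PERMS_BY_NAME('dbo.aspnet_Membership', 'OBJECT', 'UPDATE') AS CanUpdateTable;
REVERT;

-- 4. List direct table grants that would undo the execute-only setup,
--    including anything granted to the public role.
SELECT
    pr.name            AS Grantee,
    t.name             AS TableName,
    pe.permission_name AS Permission,
    pe.state_desc      AS State
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.tables               AS t  ON t.object_id     = pe.major_id
WHERE pe.class = 1   -- object or column level
  AND pe.permission_name IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE')
ORDER BY pr.name, t.name;
```

If the check in step 3 shows table access, look for membership in db_datareader, db_datawriter or db_owner in addition to the direct grants listed in step 4. An application that still sends inline SELECT statements under this account fails with a permission error like the one described above.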
Monday, June 2, 2008
Free Personal Websites
Volume 14 of Make Magazine has an interesting article on free web sites - web site builders that also host the end resulting web site.