Showing posts from June, 2008

Blackberry thows exception

My blackberry just threw an exception. The consumer in me thinks oh, $%^@#$. The programmer in me thinks that's so cool, I wonder what did it. A hard boot got the thing going again.

User Login, Create User, Send Password close to done

The basics for the login pages are done. A few more tweaks and that will be done. It might seem like I take forever but in truth, I don't have many hours a week to give to this pet project right now. I hope to have more time this fall.  

The Dark Side of Extension Methods

In my quest to find a suitable generic update method for a generic LINQ Data Access class I have found a decent amount of code and even more theories (sans code).  Some good, some verbose, and a lot bad.  It seems that Extension Methods are a fan favorite for just about everything nowadays and I wasn't suprised to see Extension Methods being used for LINQ to SQL updates. In reading about Extension Methods I have heard good and bad feedback.  The good usually involves the convenience of bypassing a utility class and the bad involving code readability / maintability.  Forgive me for I am the William Hung of LINQ as I have had no formal training in this arena, but IMHO Extension Methods are a pain-in-the-ass when ExtensionMethodA returns the result of ExtensionMethodB which depends on the output of ExtensionMethodC which ..... Here is an example of what I am talking about in pseudo-code: public static bool Update<T>( this Table <T> table, T instance) where T: class

Adding unique indexes to SQL Tables

Now that I'm diggging a little deeper into my pet project web site, I'm learning how I really use the data. The Get() methods provided by .netTiers are great but I thought I would have more. I started looking at my database starting with the aspnet_Membership tables. I would expect unique indexes on something as obvious as the email column but it is not there. Same goes for other obvious columns in these microsoft-provided tables. So I add unique indexes to the membership tables. Of course, I do the same for my own custom tables and find that some of the text or varchar(max) have to be changed. No biggie but another step I have to take. Now that the database is set, I need to regen the .netTiers templates, rerun the GrantUser stored proc, build the .netTiers stuff and copy it into the /bin of my project. Not hard work but just tedious to get each step completed and move on to the next one. All this so my .Get methods are consistent with my usage of the library. All this so I

New SQL security finds web.config hole

Yesterday, I was reading the MSDN FLASH email newsletter and saw a listing for another SQL injection article. Since one of Wayne's sites was recently hacked, I thought I would read it. The article is clear and gives explicit steps to take. Since I had only done one of the three things (SQL stored procs), I thought I would mess with the last one: execute permissions only. Wayne pointed me to a stored proc to grant permissions to a user. Since users and roles are one of those areas that after you have them set up correctly, you don't mess with them, I stumbled my way through creating a user. I ran the stored proc (which will have to be run after every .netTiers generation), modified my sql connection in web.config and tried my pet project site. I get an error about SELECT statements and permissions. .netTiers was supposed to be configured in web.config to use stored procs but apparently not. So I change the file, build, and still get the error. Someone, somewhere is caching so

Free Personal Websites

Volume 14 of Make Magazine  has an interesting article on free web sites - web site builders that also host the end resulting web site.