Yesterday, I was reading the MSDN FLASH email newsletter and saw a listing for another SQL injection article. Since one of Wayne's sites was recently hacked, I thought I would read it. The article is clear and gives explicit steps to take. Since I had only done one of the three things (SQL stored procs), I thought I would mess with the last one: execute permissions only.

Wayne pointed me to a stored proc to grant permissions to a user. Since users and roles are one of those areas that after you have them set up correctly, you don't mess with them, I stumbled my way through creating a user. I ran the stored proc (which will have to be run after every .netTiers generation), modified my sql connection in web.config and tried my pet project site. I get an error about SELECT statements and permissions. .netTiers was supposed to be configured in web.config to use stored procs but apparently not. So I change the file, build, and still get the error. Someone, somewhere is caching something. Close everything done. Reopen. Change web.config and checkin with comment. Test again and it works.

This is a really bad way to find a problem. It's getting to the point that I need someone to check my security changes so this type of thing isn't missed.

Volume 14 of Make Magazine has an interesting article on free web sites - web site builders that also host the end resulting web site.

Here is my latest article on 15seconds.com: http://www.15seconds.com/issue/080529.htm titled "Implementing the .netTiers Template Library as a .NET Website's Data Layer - Part I"
 

Now I'm trying to get all my blogs tied together. Most are DasBlog so no big deal only what is the endpoint? The documentation lists blogger.aspx off the root but the file isn't there. Apparently from the forums I'm not the only one with the issue. However, I thought I bet it is there virtual. So I enter that in the address bar and I get a response of web service methods available. Nice - why doesn't the documentation say the page isn't there but the dll will respond.

I get an email every friday about the new events for families on the weekend on www.neighborhood-kids.com. The design is great. I love it, but my eyes and mind do skip over things in the page just assuming they are pretty but useless. Then I noticed the clock at the top of the page was right about the time. Wow, that is cool. I'm going to have to pay closer attention to what is technically happening on web sites.

Living in the northwest is wonderful but when spring and summer start to show up (meaning the sun makes a regular appearance), I totally loose all motivation. My brother from England worked a summer for Boeing in Seattle a few years ago. He was shocked that people didn't do any work in the summer. I was always luck at Microsoft to not have a summer ship date. That would have totally sucked.

How can I think about writing code and the project when the sun is out just laughing at me, taunting me to come out.

There are a few times in my life when a project phase just goes on forever. Back in my Microsoft days, I hated the last stages of the ship cycle. People were burned out, higher-ups were already on to the next phase. Front-line devs, testers, pms, and writers were either too burned out to function or too hyped up to listen. The mid-level guys were running interference every which way. The bell-curve was watched and the marketing dicks were breathing down everyone's throat and lord help you if you broke the build. I was thrilled when my boss finally made the rounds to ask if I thought the product was ready to ship. He asked everyone personally instead of some meeting where the team bully could badger me into saying something I would regret.

And here I am with my own project in the end of one of the first phases and I trudge on. I'm not near enough done. No ship award in my near future.

I'm moving some duplicate code from a codebehind file to a class file so I can reuse it. I'm tired and it's a bit late for my best programming so I'm trying to remember is the c# return type also null now. Or maybe no return type needs to be specified if a variable isn't returned (is that vb?). If null works in SQL and it works an an object value to compare against in c#, why can't null be a valid return type instead of void. What does void really say under the covers that is so different from null. Isn't void a carryover from c and c++. Perhaps it's older than that. Why do I need to remember yet another keyword that has no value. No, that's not a pun. I have too many numbers and words in my head that have to be pulled out at a moment's notice. Why add one more? Get rid of void. Just rip it right out.