Thursday, August 14, 2008

I took off 4 months to remodel my kitchen; in that time I did no programming.  I have now been back at work for at least a week.  I haven't forgotten anything (except for the SQL Server sa password -- which means that it is a good one.)  I can program just as well as before I left. 


Thursday, August 14, 2008 9:06:09 AM (Pacific Standard Time, UTC-08:00)
 Sunday, August 10, 2008

I was investigating a starter website and noticed that it mentioned SubSonic. Since third-party components can be tricky for implementation and security, I went to see what it was. SubSonic is an open source Data Access Layer. Someone has probably mentioned it to me before but it didn't register. The website has videos using SubSonic which are great. SubSonic connects to the database and creates a DAL for a .Net project which uses intellisense for discovery. The only thing that worries me is that the connection isn't through SPs they create but they say they parse the SQL commands so that SQL injection isn't a problem. I also watched another video of theirs about their REST handler on their tips and tricks page. While I still like .NetTiers for my DAL (which requires a purchase of CodeSmith), I liked the ease of use and the fact that CodeSmith is not required. Just as I was grumbling to myself about a starter site for this, I found the link on the front page of their site for just that. It's a content management site that includes login, page generation, etc. The video cut out on me halfway through but I got the main idea and I liked it. I also noticed that the video mentioned FCKeditor which I hadn't heard of before.

I like this stuff but will probably use it for my own admin pages. It's not that the product is bad but I want to go through generated SPs and I like that .NetTiers gives me an admin site and web service. .NetTiers is also a layer I know how to code to and go farther with in terms of specificity and inheritance. But I really like this SubSonic stuff.

 

 

Sunday, August 10, 2008 7:43:13 PM (Pacific Standard Time, UTC-08:00)
 Monday, June 30, 2008

My blackberry just threw an exception. The consumer in me thinks oh, $%^@#$. The programmer in me thinks that's so cool, I wonder what did it. A hard boot got the thing going again.

Monday, June 30, 2008 8:41:13 AM (Pacific Standard Time, UTC-08:00)
 Tuesday, June 24, 2008

The basics for the login pages are done. A few more tweaks and that will be done.

It might seem like I take forever but in truth, I don't have many hours a week to give to this pet project right now. I hope to have more time this fall.

 

Tuesday, June 24, 2008 7:39:38 PM (Pacific Standard Time, UTC-08:00)
 Thursday, June 05, 2008

In my quest to find a suitable generic update method for a generic LINQ Data Access class I have found a decent amount of code and even more theories (sans code).  Some good, some verbose, and a lot bad.  It seems that Extension Methods are a fan favorite for just about everything nowadays and I wasn't surprised to see Extension Methods being used for LINQ to SQL updates.

In reading about Extension Methods I have heard good and bad feedback.  The good usually involves the convenience of bypassing a utility class and the bad involves code readability / maintainability.  Forgive me for I am the William Hung of LINQ as I have had no formal training in this arena, but IMHO Extension Methods are a pain-in-the-ass when ExtensionMethodA returns the result of ExtensionMethodB which depends on the output of ExtensionMethodC which ..... Here is an example of what I am talking about in pseudo-code:

// ExtensionMethodA: its result depends on Foo()
public static bool Update<T>(this Table<T> table, T instance) where T : class
{
   try
   {
      // do stuff here with parameters...
      return table.Foo() > 0;
   }
   catch (Exception)
   {
      return false;
   }
}

// ExtensionMethodB: its result depends on Bar()
public static int Foo<T>(this Table<T> table) where T : class
{
   return table.GetEnumerator().Bar();
}

// ExtensionMethodC: the end of the chain
public static int Bar<T>(this IEnumerator<T> e) where T : class
{
   return 1;
}

Horrible example yes and for that I apologize.  Hopefully you see where I am going with this and that if you are given a similar codebase it can be quite confusing.  When I first heard of extension methods I thought they were for simple utility tasks such as outputting a decimal value as a dollar amount (again, doesn't REALLY warrant an extension method but...):

public static string PrintWithDollarSign(this decimal input)
{
   return input.ToString("c");
}

Simple. Effective. Here's how you would use it:

Console.WriteLine(instance.Price.PrintWithDollarSign());

Cheap. No frills.  I could have just bypassed this extension method altogether but it provides a very "Hello World"'y introduction to extension methods for those of you not hip to them.  In my previous example if you had an object with a decimal property and the value was 5.00 the output would be $5.00. Easy.

Anyone care to chime in on extension methods relying on other extension methods? I'd love to get some feedback.

C# | Will
Thursday, June 05, 2008 6:19:17 PM (Pacific Standard Time, UTC-08:00)
 Wednesday, June 04, 2008

Now that I'm digging a little deeper into my pet project web site, I'm learning how I really use the data. The Get() methods provided by .netTiers are great but I thought I would have more. I started looking at my database starting with the aspnet_Membership tables. I would expect unique indexes on something as obvious as the email column but it is not there. Same goes for other obvious columns in these Microsoft-provided tables. So I add unique indexes to the membership tables. Of course, I do the same for my own custom tables and find that some of the text or varchar(max) have to be changed. No biggie but another step I have to take.

Now that the database is set, I need to regen the .netTiers templates, rerun the GrantUser stored proc, build the .netTiers stuff and copy it into the /bin of my project. Not hard work but just tedious to get each step completed and move on to the next one. All this so my .Get methods are consistent with my usage of the library.

All this so I can get my validators working - I really hate validators.

Wednesday, June 04, 2008 8:35:07 PM (Pacific Standard Time, UTC-08:00)
 Tuesday, June 03, 2008

Yesterday, I was reading the MSDN FLASH email newsletter and saw a listing for another SQL injection article. Since one of Wayne's sites was recently hacked, I thought I would read it. The article is clear and gives explicit steps to take. Since I had only done one of the three things (SQL stored procs), I thought I would mess with the last one: execute permissions only.

Wayne pointed me to a stored proc to grant permissions to a user. Since users and roles are one of those areas that after you have them set up correctly, you don't mess with them, I stumbled my way through creating a user. I ran the stored proc (which will have to be run after every .netTiers generation), modified my sql connection in web.config and tried my pet project site. I get an error about SELECT statements and permissions. .netTiers was supposed to be configured in web.config to use stored procs but apparently not. So I change the file, build, and still get the error. Someone, somewhere is caching something. Close everything down. Reopen. Change web.config and check in with comment. Test again and it works.

This is a really bad way to find a problem. It's getting to the point that I need someone to check my security changes so this type of thing isn't missed.

Tuesday, June 03, 2008 7:00:10 PM (Pacific Standard Time, UTC-08:00)
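
The "execute permissions only" setup described in the post above, sketched as an added T-SQL example. It is not the stored proc mentioned in the post or code from the article; AppDb, webapp_login, webapp_user, proc_executor, dbo.Product and dbo.Product_Get_List are hypothetical names.

```sql
-- Added example (T-SQL). All names are hypothetical: AppDb, webapp_login,
-- webapp_user, proc_executor, dbo.Product, dbo.Product_Get_List.
USE AppDb;
GO

-- 1. A dedicated login and user for the web application, placed only in
--    a custom role and in none of the built-in database roles.
CREATE LOGIN webapp_login WITH PASSWORD = '<strong-password-placeholder>';
CREATE USER webapp_user FOR LOGIN webapp_login;
CREATE ROLE proc_executor;
EXEC sp_addrolemember 'proc_executor', 'webapp_user';
GO

-- 2. Grant EXECUTE on every user stored procedure, and nothing on tables.
--    Rerun after each code generation: a procedure that is dropped and
--    recreated loses the grants it had.
DECLARE @sql nvarchar(max);
SET @sql = N'';
SELECT @sql = @sql + N'GRANT EXECUTE ON '
            + QUOTENAME(SCHEMA_NAME(schema_id)) + N'.' + QUOTENAME(name)
            + N' TO proc_executor;' + NCHAR(10)
FROM sys.procedures
WHERE is_ms_shipped = 0;
EXEC sp_executesql @sql;
GO

-- 3. List the user's role memberships. db_owner, db_datareader or
--    db_datawriter in this list would undo the restriction.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'webapp_user';

-- 4. Check effective permissions while impersonating the application user:
--    direct SELECT on a table versus EXECUTE on a procedure.
EXECUTE AS USER = 'webapp_user';
SELECT HAS_PERMS_BY_NAME('dbo.Product', 'OBJECT', 'SELECT') AS can_select_table,
       HAS_PERMS_BY_NAME('dbo.Product_Get_List', 'OBJECT', 'EXECUTE') AS can_execute_proc;
REVERT;
GO
```

With this in place, a data layer that still sends inline SQL fails with a SELECT permission error like the one in the post, while procedures owned by the same schema owner as the tables keep working through ownership chaining. Dynamic SQL inside a procedure breaks that chain and needs its own review.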
 Sunday, June 01, 2008

Volume 14 of Make Magazine has an interesting article on free web sites - web site builders that also host the end resulting web site.

Sunday, June 01, 2008 6:52:45 PM (Pacific Standard Time, UTC-08:00)