Broken Thoughts

A best practice in .Net development is to have as much of your code in reusable libraries as possible. This cuts down on development time and helps enforce business standards across all applications. One problem however is that sometimes reusable libraries need to have a few customizations. The easiest way is to create a Settings file and set each property through the use of the app.config or web.config.

A more complicated solution is to create your own custom configurations. In my case, I have an enormous library that consists of different parts. I have database tools, data caching, encryption, cookie management, querystring management, Infocard support, email wrappers, as well as several other useful tools. Being a perfectionist, I like to have my settings split out by the piece they belong to. Sure, there is more xml in the config file, but, if I only want to use one section of my code I don’t need to have the whole configuration. Plus, having the configurations split out means I can easily split my library up into multiple DLL’s down the road.
Read more »

I once attended a Microsoft Technet Event where they were showing off the new (at the time) .Net 3.0 features. As a self-taught .Net developer, I’m always looking for little tricks and shortcuts and cool things that make my life easier. As I watched the Demo, one thing I noticed was they were using a method that allowed for the use of an infinate number of parameters of the same type. I went home after the conference and immediately began researching what this infinate parameter was and how to use it in my own methods.
Read more »

Encryption is a vital part to any web application. It is important that all variables, both in cookies and in the query string are encrypted for protection. By exposing your variables such as http://www.mysite.com/?x=10000 you leave it open for people to experiment with putting in different Id’s. While your code should make sure that anyone requesting content with the specified Id, it is a good practice to encrypt all your values to make sure no one can guess through your website.

Also, if you do not encrypt a cookie, you leave the contents open to anyone who would use an XSS attack to pull the cookie across domains. Leaving the cookie open just leaves hackers another back door into your site. To be fair, if a hacker was able to steal a cookie set on your domain, they would therefore be able to set the same cookie for them self. While encryption can’t stop an attacker from mimicking a user via their cookie, it could hinder them from learning what information you are storing.

In current cryptography, there are currently 3 major algorithms used. The first algorithm is Data Encryption Standard (DES). In .NET, DES uses 64 bit encryption. The next step up is Triple DES which uses 3 separate DES keys to provide 128 bit encryption. The most secure algorithm and the current standard used by the Department of Defense is AES or Rijndael. In .Net, Rijndael provides 256 bit encryption.

Read more »

In 2.0, Generics were added. If you haven’t played with generics before, they are a way of declaring a type for an object for the compiler, such as a list, without having to use the System.Object class.  In this way, you can have strongly typed lists instead of a list of objects that you must then typecast when you pull them back out. 

 If you think of generics outside the programming world, you might think of generic medicine.  It is medicine that has the same effects as the name brand stuff, but isn’t attached to any brand.  Generics in programming are like this.  They aren’t bound to a type, but share the same methods and classes.

Here are a few examples of the List object from System.Collections.Generics.  The list is exactly as it says.  You add items to the list that are the same type as you delcare, and then access them using a zero-based index.  It’s similar to the ArrayList from System.Collections, but the return type of the items is not System.Object that must be typecast.

Read more »

Have you ever gone to a website where you have to click to activate a flash control?  This is only an issue if your users use IE.  A blaring example of this is to open any wordpress page that has Youtube video on it.  You have to click it before you can actually click it to start it playing.  Microsoft was forced to enable this on their browsers, but there is a very simple solution to the problem that only a few website developers seem to implement.

According to the W3C, IE was used by 57% of the people browsing the internet.  If you are using flash on your site and you are not using a workaround for activation, you are annoying over 1/2 your user base.  Lucky for you, I have compiled the solution into a simple ASP.NET 2.0 control that you can use.  Don’t like ASP.NET?  You can take the principals of the workaround and apply them to any language.

The basis for the workaround is that any flash tags written via javascript are immune to the ActiveX activation.  The problem that I discovered while building this control is that all browsers behave differently when it comes to javascript.  My first version of the control used <noscript>…</noscript> tags to show the control normally if the user has javascript disabled.  The problem we found is that Safari does not support noscript tags.  On Safari on a mac, no flash would appear.  So, I reworked the control to detect the browser version.  If it is any version of IE, it uses javascript to write the flash and <noscript>…</noscript> as a backup.  For all other browsers, the ActiveX activation is not a problem, so I just write the flash out normally, thus eliminating the pesky javascript issues.

Read more »