Web

Last week I learned a very interesting lesson. I am just in the end phase of a custom software delivery project. Using OLIVANOVA’s model driven software development approach, I created a three-tier application with an ASP.NET client, a COM+ based server tier and MS SQL Server as the persistence layer. The COM+ application is deployed to a dedicated server along with the SQL Server database management system. The ASP.NET application is created on another server that lives in a DMZ (demilitarized zone). This web server does not have access to the Internet from inside, but is accessible from outside of this company. A connection (HTTP) from the web-server to the database server is then responsible for communication between the user-interface and the server tier. ...

Microsoft has released a security advisory about a vulnerability in ASP.NET. A security patch is already available here. Below are some details on how the vulnerability works: “To understand how this vulnerability works, you need to know about cryptographic oracles. An oracle in the context of cryptography is a system which provides hints as you ask it questions. In this case, there is a vulnerability in ASP.NET which acts as a padding oracle. This allows an attacker to send cipher text to the web server and learn if it was decrypted properly by examining which error code was returned by the web server. By making many such requests (and watching what errors are returned) the attacker can learn enough to successfully decrypt the rest of the cipher text.” (quoted from Scott Guthrie’s blog)

To me, Silverlight has always been a fascinating technology. I started playing around with Silverlight back in September 2007. Since then, I always wanted to create a Silverlight user interface for OlivaNova. With the first versions, the lack of standard data controls made it really difficult to implement a data-driven application. A lot has changed since then and today the time is ripe to begin afresh. The software architecture basically looks like this: ...

Today I learned an interesting feature of JavaScript along with Firebug. Instead of using “alert” to display some trace information, you can use “console.log (“my message”);”. Together with the free web development tool Firebug, this information can then be shown in Firebug’s console window. This is extremely helpful when trying to debug some AJAX code. Please visit this website to get more information. Saved my day ;-)