derek hatchard

aggregating from ardentdev.com and derekhat.com

March 2006 - Posts

Obtuse Error Messages Are Evil
Posted at Ardent Dev by Derek Hatchard (Go directly to post):

I was getting this error message when I tried to open a document in Word 2003: "This document could not be registered. It will not be possible to create links from other documents to this document."

Word still worked but I was unable to drag-and-drop content. And Outlook would not let me use Word as the editor for my email (which is perhaps an evil thing to do anyway).

Turns out the problem was that a service was not starting automatically (DCOM Server Process Launcher). I don't recall making that change but that's beside the point.  The point is that the error message is terrible. It is disrespectful to the user because it hints at an underlying problem but does not give you any guidance on how to fix it. Sadly, disrespectful error messages are much too common.

Go to post
Posted: Mar 30 2006, 07:00 AM by dhatchard
Sure, pop a random CD in your computer - what's the harm?
Posted at Ardent Dev by Derek Hatchard (Go directly to post):

From http://mcpmag.com/columns/article.asp?editorialsid=1275:

An IT training firm in the U.K. conducted a stunt (or promotion, depending on your feelings about it) to demonstrate that users in London's Golden Mile, its financial district, need more security training. They stood alongside the road and handed out CDs claiming to contain a special Valentine's Day promotion. While no numbers have been provided, a spokesperson for the firm indicated that the CD, when inserted, would "call home" to the firm indicating the user had run it.

The CDs had written on the outside that you ought not to do this because it might be a violation of policy. Despite this, some employees ran the CDs anyway.

As a security conscious guy, this makes me scream, "Aaaaaaaaaaaarrrrrrrrrrrggggggggggghhhhhhhhhhhh."  <heaving sigh>

This column also has some interesting thoughts on the Search Across Computers feature of the Google Desktop that you might want to read.  Personally I loathe the Google Desktop.  I love the Google Deskbar which has been discontinued as a standalone product.  Too bad (thankfully I have a copy of the installer backed up for the future).

Go to post
Posted: Mar 28 2006, 08:51 AM by dhatchard
ASP.NET Membership and passwordStrengthRegularExpression
Posted at Ardent Dev by Sebastien Aube (Go directly to post):
Membership in the .NET framework 2.0 allows you to add security to your application with little to no code.

When trying to enforce strong password rules in our church software I encountered an interesting problem.

At first I modified the web.config by adding the following line to our membership provider section.

passwordStrengthRegularExpression="(?=.{8,})[a-z]+[^a-z]+|[^a-z]+[a-z]+"

RegEx explained: 8 characters or more in length, at least 1 lowercase letter, at least 1 character that is not a lower letter.

I removed:

minRequiredPasswordLength="0"
minRequiredNonalphanumericCharacters="1"

After some testing I found that even when following the password rules, a password change would fail.

The ChangePassword control, which is part of the Login suite of controls, doesn’t give you any information as to why the password changed failed.

After a few reviews of my RegEx and confirming that the syntax is correct in code and with some useful online regular expression testers (see links below), I tried changing the password using the following code:

MembershipUser mUser = Membership.GetUser(); // gets the current logged in user
//change the password
mUser.ChangePassword(mUser.GetPassword(), “invalidpassword”);

That caused the following exception: System.ArgumentException: Non alpha numeric characters in 'newPassword' needs to be greater than or equal to '1'.

So I added this line:

minRequiredNonalphanumericCharacters="0"

And our password complexity rule started working properly.

I won’t start a debate on the merit of setting the minimum required non alphanumeric characters (say that ten times) to 1, but hopefully this will help someone somewhere some time.

Links:

JavaScript Regular Expression Tester
http://www.roblocher.com/technotes/regexp.aspx

.NET Regular Expression Tester
http://www.dotnetcoders.com/web/Learning/Regex/RegexTester.aspx
Go to post
Posted: Mar 21 2006, 02:29 PM by dhatchard
More Posts