June 2003 - Posts
Interesting comment from Frans:
Funny. The one source for sql server related security problems is Microsoft itself. The reason for that is that is that it is impossible to impersonate f.e an asp.net website into a native windows domain user which has role based security in a sqlserver. You simply can't do that. You have to maintain credentials on multiple machines. Most people therefor do not use trusted connections but sqlserver connections using sqlserver accounts for situations like this (which are very common), which force you to store the credentials in the connection string.
MS clearly made a terrible mistake when they designed the asp.net user security and multi-machine websites. Ah well... thankfully sqlserver 2000 at the moment still allows you to specify a sqlserver account (but I heared support for this will be dropped in a later release)...
Also, MS has made it very hard (if not impossible) to communicate encrypted with your sqlserver machine. You have to jump through hoops to get it working and even then... (using ssl). In the unix world, they have ssh and can tunnel any connection through that secure connection protocol. Very clever and neat. How else did MS envision the secure, remote maintainance of webservers and sqlservers in a DMZ which are not part of ANY domain?
I found interesting these new articles about SQL 2000 security (source Microsoft)
The figure shows security vulnerabilities in a simple multi-tier system
Hey Ralf nice to see your experience in TechEd.... in german :-((
Also I say that because I know that you are writing for your country but in case you don't know that, TechEd is an international event.
Are you going to speak only in german in Barcelona ( How do you say tortilla in german ?) :-))
UPDATE: just think about the developers who can't make the journey !
Microsoft will lay out plans for its upcoming "Whidbey" and "Orcas" versions of Visual Studio on July 29 at FTP's VSLive! New York conference. Attendees will get a sneak preview of the next release of Visual Studio, hear about "new opportunities for partners, plus much more," according to a Microsoft spokesperson.
Prashant Sridharan, Lead Product Manager for Visual Studio .NET at Microsoft, was quoted by eWeek as saying that "Whidbey will be a very significant product for developers ... It will be the most customer-driven product our developer division has ever shipped." Whidbey will include "new features that bring the developer community closer to the overall development experience, including community search capabilities and other features," he said. "Web design capabilities are anticipated that draw on the Microsoft Web Matrix Web development tool, which achieved more than 500,000 downloads." Senior Vice President Eric Rudder showed Whidbey briefly in his keynote at VSLive! San Francisco in February.
Orcas is the code name for the version following Whidbey. The Orcas release is expected in 2005, according to Vice President Paul Flessner's keynote speech at the Microsoft Tech•Ed conference in Dallas earlier this month.
Source: Visual Studio Magazine
I think it's a new kid in the application blocks on MSDN.
Check it there
OK after spending a good part of my Sunday evening on chasing spyware on my PC, I think I finally won the battle.
Apparently one serious spyware is totalvelocity.memorymeter.
This tool pretend to install a memory check in your systray, but indeed open a huge door to all abuse.
I could sometime suddenly have until 15 popups windows coming from nowhere.
Of course I never downloaded this crap, and I want also to reply to some comments about my previous rant about FeedDemon.
I think some people misread me by saying that I don't like Feeddemon.
That's not true, the problem is not the software, the issue I have is about the feeds this tool provide by default.
Totalvelocity and may other spyware can move on the net by any kind of http stream, and if I am right, FeedDemon use a browser layer to show some feeds.
Another comment I received was about not working in Admin mode.
Yes maybe but I don't get the point, a spyware can have apparently access to anything, and it's really not good.
Finally I really invite everybody to check their machines with some antispyware, and it's really amazing th results you can find, usually an average of 50 bots is not uncommon.
So my question is still valid: What Microsoft will do to secure the registry ?
Since I installed FeedDemon I have now to fight against spyware.
I already found with Ad_Aware from Lavasoft 70 kind of spyware :-(.
But I still have something launching some stupid ads automatically.
So I tried too BOHCaptor to detect strange objects in IE, still the same.
Now it's the turn of Spybot. Grrrr !
I wor with Windows 2003 which is supposed to be the champion in blocking everything :-((.
It's amazing the number of bots which going straight away to the registry ! If somebody know a way to block the registry access or give some alert, I will be an happy man.
By the way check this page for more info on the different anti spyware.
Microsoft should also fight against the spyware in the same strength than with the spammers.
Folks like everybody I enjoy FeedDemon, but be careful, it's an open door to some web spam.
I am struggling now with some spyware coming from nowhere since I used FeedDemon.
I don't think it's really the tools, but surely one of the feed included with it.
So unless you have spyware blocking software, or a personal firewall be cautious.
It's true that the Smart Navigation option proposed by MS is not really reliable.
I just discovered the matter this afternoon where this feature crashed very quickly on a single page.
If I understand well, the idea behind is to use some hidden Iframe to freeze some portions of the page.
So my message to the .Net team is:
Can you make something similar to SmartNavigations tested and working for .Net 2 ?
I am sure that a lot of developers who work on Intranet projects could appreciate to not having every button click on a page doing another refresh.
My Intranet users complain now a lot about this, and I am not going to develop for them a windows forms software for them, I really enjoy to use the browser for my gui.
More Posts Next page »