Raj Kaimal

Secure Logon?

I don't get it. When I need to logon to a secure site, I expect to see a https url before I enter my username and password. All the sites listed below (except Citibank) prompt you for the user name and password on a http page and it says that the information will be posted via https. Even though what they claim is correct, I do not feel comfortable with the approach. How do I know that the http page I am looking at is spoofed or not? Check out these sites:

• Discover
• MBNA
• AMEX
• Citibank (https)
• PayPal
• Bank of America (submitted by Hardy Johnson)

The way I work around this is to bookmark the secure url. Example: PayPal

Is it really that CPU intensive to run the default homepage on 443? Could they have used SSL acceleration? How about a logon button on the default http page that redirects me to a https page where I can enter my credentials?

Patent for Ajax/Web 2.0 ?

I read about this patent on digg a few minutes ago.

Rich-media applications are designed and created via the Internet. A host computer system, containing processes for creating rich-media applications, is accessed from a remote user computer system via an Internet connection. User account information and rich-media component specifications are uploaded via the established Internet connection for a specific user account. Rich-media applications are created, deleted, or modified in a user account via the established Internet connection. Rich-media components are added to, modified in, or deleted from scenes of a rich-media application based on information contained in user requests. After creation, the rich-media application is viewed or saved on the host computer system, or downloaded to the user computer system via the established Internet connection. In addition, the host process monitors the available computer and network resources and determines the particular component, scene, and application versions, if multiple versions exist, that most closely match the available resources.

How can that be patented? Who approves all these patents anyway? They ought to hire some knowledgeable people down there! Sigh..

Health monitoring in asp.net 2.0 - logging events

I was about to use the Logging Application Block of the Enterprise Library 2.0  when I found out about the built in Health Monitoring feature in ASP.net 2.0. IMHO, the Logging block is great for an enterprise app but might be overkill for smaller apps.

With just a few lines in web.config, you can easily add health monitoring to your application as described here.

You get the following providers out of the box:

SimpleMailWebEventProvider

TemplatedMailWebEventProvider 

SqlWebEventProvider

EventLogWebEventProvider

TraceWebEventProvider

WmiWebEventProvider

MSDN even has an example of how to create a custom provider that writes specified health monitoring event information to a local file.

Very cool J