.NET Brisbane, Australia

This week while I was awaiting for a new project confirmation I saw myself doing some code fixing for another project, that's something quite common and I really don't mind that. One of my tasks was to develop a little page to upload images to a server. That's not a problem, so I decided to try something new. Yes, I was very keen to use Silverlight for the task, but I used some good old javascript and a very cool concept similar to the called bubbling events, which is basically to raise an event from a determined and let it propagate up in the chain until it is captured.

Here an interesting case. Consider there 2 scenarios:

For the novice in object-oriented programming one of the biggest challenges faced is the new mindset introduced by the OO concept: to be able to think and to model the world in a set of objects and its respective methods.

hi people,

Do you remember the last time you have developed an application with absolutelly no worries about security ? when you could trust the user input? when you were not worried about sql injection attacks? string attacks? dropdown list modifications? You are right, (if you ever did this) probably it must have been a long long time ago.

Security nowadays IS PART of the regular software development application. It is no more something to worry about only when the application is deployed or attacked. Security is a development-phase concern. Security skills are part of the normal software developer skills and if you are a developer and it is not yours, start learning about security right now.

The thing is: How and where to learn about security? What are the best practices for security in software development? What if I am a Java programmer, Microsoft recommendations apply to me? I use SAP, why should I worry about security?

My friends, I present to you (or at least to those who haven't heard of it yet) SAFECode.

SAFECode or Software Assurance Forum for Excellence in Code is a consortium formed by many big names in the world, including those I told you before. People like Symantec, SAP, EMC and of course Microsoft are part of it.

Together those companies created internal teams and they interact with eachother using SAFECode as an organisational interface and they as a whole share and develop best practices to be recommended to write safer and better products.

Last week SAFECode released their first whitepaper with the best practices for a better and more secure software. That's a very interesting document. Why? because if you take your time to read it, you will notice how similar are the methodologies of those companies.

Hopefully this initiative will grow better and stronger. Maybe one day we will not talk about Microsoft Recommended Best Practices but we will start referring to an Universal Recomended Best Practice? Only time will tell. (and the market forces, of course)

If you are interested take a look at the document here and let us know your ideas ok?

See you later.

Can anyone point to me which one is the correct procedure to create a custom exception class?

"Do not derive user-defined exceptions from the Exception base class. For most applications, derive custom exceptions from the ApplicationException class." - http://msdn.microsoft.com/en-us/library/seyhszts(vs.71).aspx


"For most applications, derive custom exceptions from the Exception class. It was originally thought that custom exceptions should derive from the ApplicationException class; however in practice this has not been found to add significant value." -  http://msdn.microsoft.com/en-us/library/seyhszts.aspx

test