Saturday, January 31, 2004 - Posts

30% performance hit for what?

From Dino Esposito's post:

Kathleen Dollard said "You'll accept a 30% or greater perf hit for simplicity in programming? Sorry, but I think that's nuts."

Well, if development and maintenance both cost 30% less, then yes.

 

Hardening ASP.NET - avoid cross site scripting and script injection - Part 1

Scott Hanselman's excellent article on MSDN shows how to filter dangerous characters from input. My take was to override the Textbox, TextArea and Password controls and add a custom property with validating code for characters, numeric, allAllowed and noDangerousChars. This allows setting the proper data validation at runtime.

Here is more

All failing input should be logged!!
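
One way to implement the approach described above, as an added example that is not the author's code or code from the MSDN article: a single `TextBox` subclass (its `TextMode` covers text area and password fields) with a rule property that can be set at runtime, which logs every rejected value. The names `InputRule`, `ValidatedTextBox`, `Rule`, `IsInputValid` and `Check`, and the character sets, are assumptions; overriding `LoadPostData` requires ASP.NET 2.0 or later.

```csharp
using System.Collections.Specialized;
using System.Diagnostics;
using System.Text.RegularExpressions;
using System.Web.UI.WebControls;

// Hypothetical names throughout; the four rules mirror the post's property values.
public enum InputRule { AllAllowed, Characters, Numeric, NoDangerousChars }

public class ValidatedTextBox : TextBox
{
    // Allow-lists for the strict rules; a deny-list only for NoDangerousChars (assumed set).
    private static readonly Regex Letters = new Regex(@"^[\p{L} ]*$");
    private static readonly Regex Digits = new Regex(@"^[0-9]*$");
    private static readonly Regex Dangerous = new Regex(@"[<>""'%;()&+\\]");
    private bool valid = true;

    // Kept in ViewState so a rule chosen at runtime is still in force on postback.
    public InputRule Rule
    {
        get { object o = ViewState["Rule"]; return o == null ? InputRule.NoDangerousChars : (InputRule)o; }
        set { ViewState["Rule"] = value; }
    }
    public bool IsInputValid { get { return valid; } }

    public static bool Check(InputRule rule, string value)
    {
        if (value == null) value = string.Empty;
        switch (rule)
        {
            case InputRule.Characters: return Letters.IsMatch(value);
            case InputRule.Numeric: return Digits.IsMatch(value);
            case InputRule.NoDangerousChars: return !Dangerous.IsMatch(value);
            default: return true; // AllAllowed: nothing is filtered here
        }
    }

    protected override bool LoadPostData(string postDataKey, NameValueCollection postCollection)
    {
        string posted = postCollection[postDataKey];
        valid = Check(Rule, posted);
        if (valid) return base.LoadPostData(postDataKey, postCollection);
        // Log the failure, but never write a password value to the log,
        // and escape line breaks so the value cannot forge extra log lines.
        string shown = TextMode == TextBoxMode.Password ? "(withheld)" : (posted ?? "");
        shown = shown.Replace("\r", "\\r").Replace("\n", "\\n");
        Trace.TraceWarning("Rejected input for {0} (rule {1}): {2}", UniqueID, Rule, shown);
        Text = string.Empty; // discard the rejected value
        return false;
    }
}
```

The page checks `IsInputValid` before using `Text`. Values accepted under `AllAllowed` still need `HttpUtility.HtmlEncode` when they are written back into a page.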

 

 

ASP.NET Job (Contract)

ASP.NET Developer for Bank in Milan (Italy)
Should be Italian speaker and EU resident/EU work permit holder
Local rates
Contact me by blog form

Yukon licensing a la mainframe

At a SQL Server Yukon presentation I asked if there was a possibility for licensing a la mainframe or on demand. No answer was given.
This would help the very large deployments for things like HR and Accounting, where over 50% of the monthly data crunching is done in 4-5 days. It would also help MS compete against DB2 (IBM) and Sybase in high-end scenarios.

Slammer (SQL Server port 1433/1434) anniversary, bugs count, cuddled environments and Security by Obscurity

I've been working in the last year with SQL Server and one of its competitors, both being used by an application.

Now my team has run over 3 different buffer overruns running the most expensive IBM Unix machine into the ground.
Now this DB installation is being "cuddled" by one of the vendor's own consulting DBAs on a machine protected by numerous firewalling software and monitored 24 hours by special management software. Obviously any documentation or KB docs are not available (Security by Obscurity) for these software or are more expensive than an original Shakespeare manuscript. Some NDA also prohibits these issues from entering the public domain.
At the same time my team of developers manages the whole software aspect of SQL Server.

To this point I think that the bugs are really being counted unfairly in the context of the environment:
In the MS world software is being installed on standard hardware and maintained by standard techies, while other environments are treated as royalty while being only usurpers and mostly technically inferior.

In this context of environment SQL Server (please install SP3!!) really comes out much better than comparables.