Lazycoder

11 Jul 04

Wesley might have made a few mistakes…

The Code Project – C# Performance: Mistakes My Friend Makes – C# Programming

But Ellery makes a couple of his own.

Prefixing your variables with the type (i.e. sName), is not very .NET. Reason for this being that your variables are supposed to have meaningful names which allow their type to be identified without the need for a prefix. It's pretty easy to see the variable types of firstName and dateOfBirth. I believe most people who do this are/were VB programmers who can't get rid of the habit.

So what’s the type of dateOfBirth? Does it return a string? Is the date it returns a DateTime short date string or long date string? Does it return a DateTime type? Do you have to hover over the var name to find out? How much time does that take out of your day, trying to find the right hover spot in Visual Studio?

In Wesley's code, the SqlParameter does nothing but introduce unnecessary overhead and code complexity. You can provide parameters to a stored procedure by simply executing it in the SQL code (i.e. "EXEC usp_GetUserDataByID 257;").

Yes, that’s a great idea provided that Wesley doesn’t care about SQL injection attacks? Concatenating together an “EXEC” statement to execute a stored procedure is almost as bad as concatenating the SQL string together.

Although not seen in this code example, he ALWAYS sets the CommandType property of the SqlCommand objects, even when he needs CommandType.Text. Text is the default value for that field. No need to set it.

You should never rely on the default properties of classes and methods. What happens to your code if the default property or the underlying enum is changed? Ellery has some learning to do too.
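The two ways of calling usp_GetUserDataByID argued over above, side by side, with CommandType set explicitly rather than left to its default. This is an added example, not code from either article; the @UserID parameter name, the UserData class and the sample input are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserData
{
    // Weak form: the argument is spliced into the batch text, so anything
    // after the number is parsed by SQL Server as further statements.
    public static SqlCommand BuildConcatenated(SqlConnection conn, string userId)
    {
        SqlCommand cmd = new SqlCommand("EXEC usp_GetUserDataByID " + userId + ";", conn);
        cmd.CommandType = CommandType.Text;
        return cmd;
    }

    // Parameterized form: the procedure name is fixed and the value travels
    // as a typed parameter, never as part of the SQL text.
    public static SqlCommand BuildParameterized(SqlConnection conn, string userId)
    {
        int id;
        if (!int.TryParse(userId, out id))
            throw new ArgumentException("userId must be an integer", "userId");

        SqlCommand cmd = new SqlCommand("usp_GetUserDataByID", conn);
        cmd.CommandType = CommandType.StoredProcedure; // stated, not assumed
        cmd.Parameters.Add("@UserID", SqlDbType.Int).Value = id; // assumed parameter name
        return cmd;
    }

    public static void Main()
    {
        string hostile = "257; DROP TABLE Users"; // constructed sample input

        // The connection is never opened, so nothing is sent to a server.
        using (SqlConnection conn = new SqlConnection())
        {
            // The hostile text ends up inside the batch that would be executed.
            Console.WriteLine(BuildConcatenated(conn, hostile).CommandText);

            // The typed parameter path refuses it before any SQL is built.
            try { BuildParameterized(conn, hostile); }
            catch (ArgumentException ex) { Console.WriteLine("rejected: " + ex.Message); }

            SqlCommand ok = BuildParameterized(conn, "257");
            Console.WriteLine(ok.CommandText + " @UserID=" + ok.Parameters["@UserID"].Value);
        }
    }
}
```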

Filed under: .NET, C#, Database, VB.NET No Comments
26 May 04

Nullable types in C#

Making it stick.: “Nullable Types”

I don’t know about the nullable type syntax. It looks a little hacky to me. It doesn’t seem very elegant.

Filed under: C#, VB.NET No Comments
29 Apr 04

BASIC turns 40

Slashdot | BASIC Computer Language Turns 40

Interesting milestone, today the BASIC language turns 40. I think most programmers today started on BASIC back on their old TI’s, Timex, Commodores, TRS-80’s, and IBM PC’s.

Filed under: Technology, VB.NET No Comments
26 Mar 04

I give up on VB.NET

Google Search: DefaultValue Attribute VB.NET

It really IS the bastard stepchild of .NET. It’s just so much easier to code in C# than it is in VB.NET.

I’m writing a custom web control. I have a property called “TabItems” which is an ArrayList holding TabItem classes. I want to set a Default Value. How do I do that? The only example I can find in the MSDN docs uses a boolean property and sets it like so.

<DefaultValue(False)> _
Public Property MyProperty() As Boolean

Yeah, duh, no kidding. The only other examples I can find use string properties and set the DefaultValue to “”. DUH. What about an actual type?

I’m going back to C# now, let somebody else play in the shallow muddy end of the .NET pool with VB.
edited because I forgot that WordPress doesn’t URLencode the posts

Filed under: C#, VB.NET 8 Comments
18 Mar 04

DevDays 2004 – quick post of my notes

Here are my unedited notes from the DevDays 2004 Seattle show. I typed these into my Treo 90 so they aren’t the best notes in the world.

I’ll post more of my impressions this weekend. Overall impression, I didn’t really get much out of it but there were enough people in the audience that were surprised by the simple things that I think MS should keep beating the drum harder and everywhere they go.

pl = Paul Litwin
ds = Doug Seven

Paul and Jim’s demo app didn’t notify the end user that the update failed

Is anyone still concatenating SQL strings? Probably.
SQL injection talks are boring though. Nothing I haven’t seen or written about before.
How did pl determine the name of the table? Should have explained how hackers determine your data structure. Select from master, navigate around the systables using “not in(‘tablenames you already know’)”. Error pages that display SQL string. He does finally in the querystring and a union query. This would have worked in the form demo. An xp_cmdshell demo is always nice. Nothing like shutting down your demo web server through an injection attack to really make an impression.

Pl just showed the XSS attack to many “ooohhs” near me. Are people, especially developers, still ignorant of these types of attacks? This has been around for 3 or 4 years.

Ds - DPAPI doesn’t mean squat if the attacker has obtained access to your server, it’s not your server anymore. If they gain access with admin level privileges, which is the most common level that an attacker gains, they can access your ACL controlled DPAPI encrypted key.

Windows auth in SQL Server – worker process: if your attacker gains access under your worker process profile, which they probably will since they don’t want to try and guess what other accounts are on your machine/domain, they want to take over the one that is accessible, then they automatically gain access to your database. Did they already talk about limiting the worker process access and database access? I might have missed it during my search for wifi.

Hardening of web apps – all stuff I already knew. Should I start advertising myself as a security expert? Hashed passwords, param commands, salted hashes.

Scary cookies – long life cookies are bad m’kay. Shorten their lifetime. This was a big “they did what?” when I found out about this. I have no idea why they set the default cookie lifetime to 50 years. That’s just dumb. Essentially the way to secure your cookies is not to use the default MS authentication methods. Evidence of bad design.

Validate viewstate – on by default in ASP.NET 1.1. Encrypting viewstate.

Session service uses port 42424. Cookieless session bad, can grab session Id and spoof.

Pretty much just staying for the drawing now. See if we get any more swag, if not I want at least $40 back out of my $75.

Overall: there are probably people in the audience that will get something out of this. I’m not one of them.

Filed under: .NET, C#, VB.NET No Comments
11 Mar 04

Dear SharpDevelop team

I really want to use your product. I mean I really, really do. I’ve been trying for about a year now. It’s just not working. With the latest version (0.99b) I was finally able to add my source files to a combine without it crashing, but the friggin IDE has a 90+MB footprint on my system! If you can make that footprint smaller, I’d be able to move forward with it and see if it will meet my needs.

Filed under: .NET, C#, VB.NET No Comments