July 2004 - Security Briefs
-
The book-in-a-wiki project is almost complete. All 75 items have been doled out to various people. To those who sent me mail volunteering to help, thank you so much - this new format will be much more amenable to change. Be sure to subscribe to the RSS...
-
I'm taking the final version of my book, The .NET Developer's Guide To Security, and putting it in a Wiki for its final online resting place, and I can use your help over the next month getting the latest version ported from Word/PDF into WikiText. It...
-
I spent the day today doing some research for a client who needs to survive the transition to Windows XP Service Pack 2. They currently have a solution that requires anonymous callbacks to Windows XP clients. The picture isn't looking very pretty at the...
-
<rant> I am so incredibly sick of this bug in VPC that causes my keyboard to stop working in ALL virtual machines that are open. I have to shut down all virtual machines (and also remember to open up the VPC manager window and shut down VPC itself...
-
Søren points out that delegating client credentials to SQL Server breaks connection pooling. Yes, you'll get much less use from pooled connections using this technique than if you simply used a fixed identity to communicate with SQL Server, because...
-
Say you're building the typical three-tier system and you want to use integrated security all the way through, from Internet Explorer through IIS back to SQL Server. And you'd like to have IIS use the client's credentials to talk to SQL Server, so you...
-
Last night Kathy and I went and saw one of Cirque's latest shows, Varekai. I am always amazed at how these shows manage to be so incredibly enveloping - seeing something like this on TV just wouldn't be the same. The performers have such unique skills...
-
Aaron mentioned a gripe I have with UserNameToken. The approach recommended by the UserNameToken profile, namely the one-time hash that is designed to counter replay attacks, Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ) requires...