Every Developer should know about Cryptography

It fascinates me, but it seems like a lot of developers don’t know a lot about cryptography. Certainly, the litany of security bloopers caused by incorrectly implemented crypto makes it appear that way.

Encryption isn’t something that I work with every day, but as a web developer you can’t really get away from needing to secure something – and that means encryption. So, to overcome some of this it’s worth a bit of reading.

Bruce Schneier is a pretty interesting author. His books on Applied Cryptography and Practical Cryptography are excellent, and well worth a read for anyone starting to work with crypto. His blog is also an interesting discussion of security and risk in a wider context.

Troy Hunt has managed to write a number of posts that have grabbed my attention over the year or so. “Lessons in web site security anti-patterns” is just that, “A brief Sony password analysis” is fascinating, and “Our password hashing has no clothes” was eye opening. I like that his posts are strongly based on systematic analysis.

Cryptography on StackExchange can be interesting. It’s where I first heard of scrypt, which is quite interesting.

Anyway, I’ll try and update this if I find new, useful resources, or post your own favourites in the comments.


Lookbehinds, Regexes, and replacing \n

This is a little note for myself; don’t forget lookbehinds (and lookaheads) in regular expressions as a way of matching text that you don’t want to replace.

For example, if converting new lines to carriage-return new-lines:

// \n ---> \r\n
string output = Regex.Replace(input, "(?<!\r)\n", "\r\n");

This pattern finds any new line character ‘\n’ and checks that the preceding character ‘(?< … )’ is not a carriage return ‘!\r’.

This is neater than my having a capture group for the preceding character, and then having to put that group into my replacement pattern.
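An added example (not from the original post) comparing the lookbehind with the capture-group alternative mentioned above; the class name, method names and sample string are made up for illustration. The capture-group form has to consume a preceding character, so it misses a line feed at the very start of the input and the second of two consecutive line feeds, while the lookbehind form converts both and leaves existing CRLF pairs alone.

```csharp
using System;
using System.Text.RegularExpressions;

static class LineEndings
{
    // Lookbehind form from the note: match \n only when it is not preceded by \r.
    // The lookbehind is zero-width, so nothing but the \n itself is replaced.
    public static string ToCrLf(string input)
    {
        return Regex.Replace(input, @"(?<!\r)\n", "\r\n");
    }

    // Capture-group alternative: consumes the preceding character and re-emits it as $1.
    public static string ToCrLfCapture(string input)
    {
        return Regex.Replace(input, @"([^\r])\n", "$1\r\n");
    }

    // Make control characters visible when printing.
    static string Show(string s)
    {
        return s.Replace("\r", "\\r").Replace("\n", "\\n");
    }

    static void Main()
    {
        // Constructed sample: leading LF, an existing CRLF, a blank line (LF LF), trailing LF.
        string sample = "\nalpha\r\nbeta\n\ngamma\n";

        string viaLookbehind = ToCrLf(sample);
        string viaCapture = ToCrLfCapture(sample);

        Console.WriteLine("lookbehind: " + Show(viaLookbehind));
        Console.WriteLine("capture:    " + Show(viaCapture));

        // Any LF without a CR in front of it is a line ending the conversion missed.
        Console.WriteLine("bare LF left by lookbehind: " +
            Regex.Matches(viaLookbehind, @"(?<!\r)\n").Count);
        Console.WriteLine("bare LF left by capture:    " +
            Regex.Matches(viaCapture, @"(?<!\r)\n").Count);

        // Running the lookbehind form again changes nothing, so it is safe on mixed input.
        Console.WriteLine("idempotent: " + (ToCrLf(viaLookbehind) == viaLookbehind));
    }
}
```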


TFS: Solution Explorer missing file status icons

I’ve just had a bit of a problem with Solution Explorer in Visual Studio not showing the ‘checkout status’ icons from TFS – you know, the red tick, the padlock, etc.

I couldn’t figure out what was causing this, but found the solution on MSDN forums:

In VS 2010, while you have the solution open in Solution Explorer, select File-> Source Control-> Change Source Control, could you click on Bind for each project/solution? Binding provides version control functionality. This includes various version control icons that indicate status in Solution Explorer.

This advice was correct – I went to the binding dialog, and the solution and projects weren’t bound. I added the bindings back – and presto. I’m not sure, however, how the project became unbound…

 


Clearing the CA0068 Error in Code Analysis

This error was appearing in the code analysis for one of my SharePoint projects. It reads:

Warning 1 CA0068 : Debug information could not be found for target assembly ‘Something.exe’. For best analysis results, include the .pdb file with debug information for ‘Something.exe’ in the same directory as the target assembly.

Annoyingly, it didn’t seem to allow you to suppress it, and I was doing a Release build – so I didn’t expect to have a .pdb file.


Attaching Visual Studio 2010 to Outlook 2010 plugin for Debugging

I was trying to attach a debugger to an Outlook plugin I was working on. It was originally written for Outlook 2003, but has been progressively upgraded to 2010. However, I couldn’t breakpoint my code, or rather, the breakpoints weren’t being hit.

Found the answer on Stack Overflow:

So it turns out that Outlook doesn’t load the CLR on startup (it must be loaded shortly thereafter when it becomes necessary), which apparently confuses the VS debugger and causes it to only debug native code. To force it to load the CLR immediately, create an OUTLOOK.EXE.config file in the same folder with:

<configuration>
  <startup>
    <supportedRuntime version="v2.0.50727"/>
  </startup>
</configuration>

which is from this blog post. Then, even when VS starts attached, it will debug CLR code


Editing a XAML build process

So, we’ve been working on putting our SharePoint solutions through a proper build process in Team Foundation Server 2010 (TFS), and I hit a bit of a snag.

I had been given a build definition that had a build process – a Workflow Foundation workflow – that I wanted to alter. The problem was that while I had the XAML file for that workflow, and the DLL that defined some custom code activities that the process used, I didn’t have a full Visual Studio project for it. No problem, I thought, I’ll just open the XAML up in Visual Studio and edit it.

Wrong.


Error: 'b' is null or not an object

This error has caused me so much pain when trying to use SharePoint’s JavaScript client-side object model (CSOM), so, in case I have it again:

  1. Check that the function exists.
  2. Check that the function is named correctly.
  3. Make sure that you’re not using “this” in the call to createDelegate, as detailed here.
    • Right: Function.createDelegate(this, onSuccessMethod)
    • Wrong: Function.createDelegate(this, this.onSuccessMethod)

    I don’t know why this difference should cause this error, but I’ve proved it true.

If you know of other causes of this error, let me know, I’ll add it to the list. I love the experience of debugging JavaScript…


Further notes on SmartAssembly Obfuscation

Some further notes on things I’ve learnt using SmartAssembly on some of our products.

  • Constants do not get obfuscated. Use static readonly variables in their place if the constant contains sensitive information.
  • Run Reflector (or reflection tool of your choice) against your assembly after obfuscation, to check what is visible. Then go back and make the bits you accidentally left public internal or private.
  • Make as many classes and methods as you can internal.
  • Do read the instructions on the attributes you can apply to control obfuscation.
  • Do use Pruning if you want to remove parameter names for methods. That can leak a lot of information about what a class is doing.
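One way to script the "check what is visible" step from the list above, as an added example that is not part of the original post or of SmartAssembly: a small reflection audit you point at your own obfuscated build output. The tool name and output labels are hypothetical; it reports types visible outside the assembly, string constants stored as literals in metadata, and method parameter names that are still present.

```csharp
using System;
using System.Linq;
using System.Reflection;

// Hypothetical audit tool: run it against your own assembly after obfuscation.
static class VisibilityAudit
{
    const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic |
        BindingFlags.Static | BindingFlags.Instance | BindingFlags.DeclaredOnly;

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: VisibilityAudit <assembly>"); return 2; }
        Assembly asm = Assembly.LoadFrom(args[0]);
        Type[] types;
        try { types = asm.GetTypes(); }
        catch (ReflectionTypeLoadException e)
        { types = e.Types.Where(t => t != null).ToArray(); } // audit the types that did load

        foreach (Type t in types)
        {
            // IsVisible: reachable from outside the assembly (candidates for internal/private).
            if (t.IsVisible) Console.WriteLine("VISIBLE TYPE  {0}", t.FullName);

            // IsLiteral marks a compile-time const; its value sits in metadata as a literal.
            foreach (FieldInfo f in t.GetFields(All))
                if (f.IsLiteral && f.FieldType == typeof(string))
                    Console.WriteLine("CONST STRING  {0}.{1} = \"{2}\"",
                        t.FullName, f.Name, f.GetRawConstantValue());

            // Parameter names that are still readable in metadata.
            foreach (MethodInfo m in t.GetMethods(All))
            {
                string[] names = m.GetParameters()
                    .Select(p => p.Name)
                    .Where(n => !string.IsNullOrEmpty(n)).ToArray();
                if (names.Length > 0)
                    Console.WriteLine("PARAM NAMES   {0}.{1}({2})",
                        t.FullName, m.Name, string.Join(", ", names));
            }
        }
        return 0;
    }
}
```

Running it on the build before and after obfuscation and comparing the two outputs shows which names and constants survived.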

 

 


Obfuscation, Code Analysis, and Check-In policies

As mentioned before, we’ve started to use SmartAssembly to obfuscate some of our products. We also use Team Foundation Server (TFS) as source control and build server. Using obfuscation with code analysis caused some issues, which were compounded by our check-in policies.
