While bad code is not exclusive to any environment, it is more prevalent on some compared to others.
From what I've seen of writings about ASP.NET, they tend to:
encourage the use of parameterized queries, which eliminate the need for the escaping of strings for SQL input. ADO.NET makes this pretty easy to do.
encourage the use of validators, which are, once again, easy to use in ASP.NET
So, in this case, good practices are widely promoted, where in other cases, they aren't. Measures like magic_quotes_gpc aren't needed if parameterized queries are common. (magic_quotes_gpc wouldn't be a problem if there was a simple, page-by-page way to control it, like an option on ASP.NET's Page directive.) ASP.NET protects against potential cross site scripting errors by throwing an exception by default on HTML when in text boxes:
Server Error in '/' Application. A potentially dangerous Request.Form value was detected from the client (topuser="<script> do_somethin..."). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Note that this can be disabled on a per-page or per-application basis.
Re:A lack of security-wise individuals.
on
PHP 5 Recipes
·
· Score: 1
I have never made such an "ad-hoc" query using.NET. I do simple data verification to make sure user input fits the context/database. I also use a database that makes my database API throw an exception upon bad input, unlike other databases that silently replace bad data with null or zero.
It's really easy to use parameterized queries, so I simply do not have to deal with escaping strings before they go into the database. For example:
This makes it easier for executing the same SQL command multiple times with different values -- the parameters can be created once and their values changed accordingly & the query executed, instead of concatenating strings over and over again. There's no problems with magic_quotes_gpc, no addslashes or mysql_escape_string (or mysql_escape_real_string) nonsense.
I assume features like this are not exclusive to ADO.NET.
On Cingular, the USA's largest carrier, 8 (out of 16) of their currently available online non-PDA, non-Blackberry devices are Bluetooth capable.
All of their PDA and Blackberry devices are Bluetooth capable. You can get a Bluetooth capable device (either the Sony Ericsson Z520a, or a refurbished Blackberry), for only $70 online. The Z520a is definitely not a very high end expensive model; it's considered by some as low-end. Retail resellers often offer Bluetooth-capable phones for less, or even free; I think the Z520a is free at Best Buy currently. The Z520a was actually free online last week...
Since Cingular is a GSM carrier, the phones have uncrippled Bluetooth access. Just about every phone will have headset support, OBEX transfer support, which works with contacts, ringtones, pictures, and sometimes even games, and dial-up (GPRS/EDGE Internet) support. Some also have serial port access, which allows contact editing/snychronization and SMS access, and can send pictures directly to compatible printers. My current phone can even be used as a wireless Bluetooth HID mouse.
Sure, you can run.NET projects on Mono or the like - but that's a hoop you have to jump through. You can't be truly confident in the success you'll have, either.
If you take a project that has been used only on Microsoft's.NET implementation, it many not work with Mono. But if an application is designed from the start to be compatible with Mono and Microsoft.NET, there's nothing stopping it from working well on both platforms.
Open source programs that are built upon closed source interfaces and systems can do nothing but hope that the next version of said closed source program will continue functioning the way its previous versions have. And they're given no guarantee whatsoever.
There's no guarantee this won't happen to open source software. However, this isn't even that much of a problem; software does not magically stop working overnight. Software written years ago for Win16 still works; just as software that take advantages of old graphical toolkits is still functional. Gtk+ 1 didn't die when Gtk+ 2 was released. However, sometimes software just needs to be updated to remain useful or competitive. But old software does not magically stop working.
Old.NET software still works today;.NET 1.0, 1.1, and 2.0 can be installed and work in parallel. I have moved a few.NET 1.1 applications over to.NET 2.0, and I experienced no problems; just a few compiler warnings from a few obsoleted classes and methods. Those classes and methods still worked; they do have replacements that are improved over the originals.
It would be stupid for companies to alienate their customers and developers by making significant changes that break existing software.
I just wonder why - why do they choose to build it upon something closed source?
Maybe they prefer.NET? I can't stand PHP, and I like the compiled, object-oriented nature of.NET. I also like the ASP.NET framework. Also, ASP.NET is supported by Mono and works fairly well...
It's not as if.NET is intrinsically better than other development options.
Well, let's see. It's not interpreted. It supports many programming languages. It provides a full framework that works well. It has strongly typed variables. It has a clean object-oriented architecture. I think all of those properties make.NET intrinsically better than a lot of the options out there. The ASP.NET framework makes web development great.
I have yet to learn Java, but I do know this: based on the properties I listed above, it'd be the only other thing I'd consider for a large project.
I mean, DotNetNuke is written in VB.NET - even if I were to develop in.NET, this wouldn't be my first choice.
What's the issue with VB.NET? VB.NET is pretty similar to C# in terms of functionality, and with Option Strict, does not make assumptions on type conversion/casting. I prefer C# myself, but can't think of any instance where something I've written in C# would be more difficult, buggier, or in general, worse, if written in VB.NET. VB.NET is easier to understand, which means it's more likely that beginners may use it, but there is nothing that makes VB.NET code intrinsically worse than code written in C#.
Well, first, if this does work in Mono, then why should they be complaining?
I'm not sure if it would work in Mono without some effort -- my guess is, DNN is tied to IIS somehow. It's also possible that the application is tied to Windows. I've seen this happen before with PHP projects and Apache -- while the projects may or may not be tied to a unix-like operating system, some assume Apache and depend on environment variables and features found only in Apache, or at least ignored the fact that these features were implemented in different ways in other web servers.
While it may be insufficent to run every ASP.NET application, Mono's ASP.NET implementation does exist and is functional. They claim to support all of ASP.NET 1.1 and have implemented many of the new features in ASP.NET 2.0. Of course, I haven't used every feature of ASP.NET 1.1, but overall Mono works fine with everything I have needed to do.
The article is incorrect in saying "at this point in time DotNetNuke runs on ASP.NET, a services layer which is only available for the Windows platform - a situation which the Mono project is trying to address." ASP.NET is indeed available on other operating systems using Mono's implementation. In other words, the Mono project has already addressed this issue. While running ASP.NET applications with Apache and mod_mono isn't as easy to configure as, say, mod_php or any old CGI application, it's possible and not very difficult for anyone with experience configuring Apache and compiling Apache modules -- comparable to setting up FastCGI.
Mono's XSP, a small, simple web server, works great for serving up ASP.NET applications.
While.NET programs can be portable between Microsoft's.NET Runtime and Mono, just as software written in many languages can be portable between Windows and Linux, it's also possible to write software that only functions properly in one operating system or the other.
This isn't an issue if your database and/or database access API supports fully parameterized queries, and you take the time to use them. For example, with ADO.NET and SQL Server (haven't tried any other databases), you can do:
sqlcommand.CommandText = "SELECT ID, field1, field2, field3 FROM tableA WHERE field2 > @field2 AND field3 LIKE @field3 + '%' ORDER BY field1"; sqlcommand.Parameters.AddWithValue ("@field2",someVariable1); sqlcommand.Parameters. AddWithValue ("@field3",someVariable3);
I am unaware of any way that a SQL injection attack could be done on code using parameters like this. This is not a simple string replacement & escape done in ADO.NET; the parameters are sent to the database and treated as variables. Also, in my opinion, the code is much cleaner and easier to read than concatenated SQL statements.
Actually, it moves the mouse up and right slightly, which will click the Start button if you're using a 1-row taskbar. Otherwise, it doesn't click on anything.
There is no obvious differnece. With number portability, constantly changing prefix assignments (including 4-digit prefixes/1000-number exchanges), and such, there is no reasonable way of being sure if the number you are calling is a landline, cellular phone, or something else. I have seen at least one case where the same exchange was either used for both cellular and landlines. The exchange was assigned to Sprint, and the person had Sprint landline and mobile service.
Phone companies that do not use an entire 10000 allocation often allow the rest to be reassigned. For example, 330-475 is owned by Choice One Communications, but 475-(2,3,4,5,6,9) are owned by T-Mobile.
Did you try indexing a few fields? Using EXPLAIN on your query? I saw MySQL performing complex queries on thousands (even millions a few times) in fraction of seconds. I just can't believe Access can be faster than MySQL.
I was joining on indexed fields. The WHERE clauses were on various fields that I did not take any time trying to figure out *why* it was going slow, as I was moving away from MySQL. The same fields that were indexed in MySQL were indexed in Access. I ended up copying the tables into Access and I got much better results.
I just can't believe Access can be faster than MySQL.
Well, try turning off the anti-MS reality distortion field...
I don't think that's significant at all, as MySQL seems equally poor on any platform, but I was using Linux at first & and after the second time it went out of control, I used Windows MySQL on the local machine I was using.
I must disagree. I was running 4.1 and trying to do a multiple JOIN query using inline views. There were about 50,000 rows in each table. I first tried the query in Access using ODBC connecting to MySQL, and MySQL used up so much CPU that it nearly locked up the server. I figured it could be an ODBC issue, so I installed MySQL locally and tried the query in the command line client (after making some slight changes), and the same thing happened.
I copied the tables into Access and the same query executed in less than 5 seconds. Since that moment, I have vowed never to use MySQL again.
Despite MySQL's numerous flaws and drawbacks compared to other open source and commerical databases, it has still remained popular. This is simply another reason to use a superior product, such as PostgreSQL.
60,000ft (approx 12 mi) is within range (approx 20mi max except on specially configured networks) for GSM operation, and CDMA would work fine. However,
I'm not sure about AMPS, but I don't think TDMA would work. Since most American wireless users are on GSM or CDMA, this isn't a problem. Assuming there are no other factors, and that the earth is flat, such a system would work for a radius of approx. 16 miles on the ground, an area of approx. 800 sq mi. I would expect it to be unlikely that an area that large would be covered, however. Such a system could cause interference with networks outside of the affected area, and depending on the population & attempted usage of the area, may get crowded fairly quickly.
- mysql for windows -> free
MySQL isn't a decent choice, regardless of the platform. There are superior free alternatives like PostgreSQL (which as of 8.0... and even MSDE (the "light" version of SQL Server) is free.
- php for winodws -> free
ASP.NET is also free, and is a complete web framework that supports multiple programming langauges (not the mess that PHP is). To use Microsoft's implementation, all you need is Windows XP Professional or Windows 2000/2003... or you can use the Mono implementation.
You really believe there are no developer tools on linux? Countless IDEs to choose from. From Anjuta to Kdevelop to Eclipse. Countless simple editors. Countless other tools like profilers, version control, etc etc. Detailed and thorough documentation on every tool you'll ever use. Please keep you uninformed opinions to yourself next time. Saves you the embarrassment.
Yeah, there's a ton of IDEs; a few are decent. However, none really do as much as Visual Studio. The same IDE can be used to develop web applications, simple forms-based applications, advanced C++ projects, Windows Mobile/Smartphone projects, etc., and it works very well with.NET. It can debug just about everything it can do. There are also third-addons available, amazingly even including a PHP addon. Visual Studio 2005 is introducing a lot of new features.
.NET?.NET is BS. Read this very good article about.NET. It'll explain alot.
That article is 5 years old and was written when.NET was first announced... you may want to see the same author's article from four years later, in which he says ".NET is a great programming environment that manages your memory and has a rich, complete, and consistent interface to the operating system and a rich, super complete, and elegant object library for basic operations."
Slashdot Mirror
From what I've seen of writings about ASP.NET, they tend to:
So, in this case, good practices are widely promoted, where in other cases, they aren't. Measures like magic_quotes_gpc aren't needed if parameterized queries are common. (magic_quotes_gpc wouldn't be a problem if there was a simple, page-by-page way to control it, like an option on ASP.NET's Page directive.) ASP.NET protects against potential cross site scripting errors by throwing an exception by default on HTML when in text boxes:
Note that this can be disabled on a per-page or per-application basis.It's really easy to use parameterized queries, so I simply do not have to deal with escaping strings before they go into the database. For example:
This makes it easier for executing the same SQL command multiple times with different values -- the parameters can be created once and their values changed accordingly & the query executed, instead of concatenating strings over and over again. There's no problems with magic_quotes_gpc, no addslashes or mysql_escape_string (or mysql_escape_real_string) nonsense.I assume features like this are not exclusive to ADO.NET.
All of their PDA and Blackberry devices are Bluetooth capable. You can get a Bluetooth capable device (either the Sony Ericsson Z520a, or a refurbished Blackberry), for only $70 online. The Z520a is definitely not a very high end expensive model; it's considered by some as low-end. Retail resellers often offer Bluetooth-capable phones for less, or even free; I think the Z520a is free at Best Buy currently. The Z520a was actually free online last week...
Since Cingular is a GSM carrier, the phones have uncrippled Bluetooth access. Just about every phone will have headset support, OBEX transfer support, which works with contacts, ringtones, pictures, and sometimes even games, and dial-up (GPRS/EDGE Internet) support. Some also have serial port access, which allows contact editing/snychronization and SMS access, and can send pictures directly to compatible printers. My current phone can even be used as a wireless Bluetooth HID mouse.
(This post typed with a Bluetooth keyboard.)
It's actually cheaper than DDR or SDRAM.
Even 200-pin DDR2 SODIMMs are reasonably priced.
Now all the residents of San Francisco can call their friends and family when Al Qaeda attacks!
DasBlog
.Text
BlogX
tBlogger
There may be others.
see MSDN Events
If you take a project that has been used only on Microsoft's .NET implementation, it many not work with Mono. But if an application is designed from the start to be compatible with Mono and Microsoft.NET, there's nothing stopping it from working well on both platforms.
Open source programs that are built upon closed source interfaces and systems can do nothing but hope that the next version of said closed source program will continue functioning the way its previous versions have. And they're given no guarantee whatsoever.
There's no guarantee this won't happen to open source software. However, this isn't even that much of a problem; software does not magically stop working overnight. Software written years ago for Win16 still works; just as software that take advantages of old graphical toolkits is still functional. Gtk+ 1 didn't die when Gtk+ 2 was released. However, sometimes software just needs to be updated to remain useful or competitive. But old software does not magically stop working.
Old .NET software still works today; .NET 1.0, 1.1, and 2.0 can be installed and work in parallel. I have moved a few .NET 1.1 applications over to .NET 2.0, and I experienced no problems; just a few compiler warnings from a few obsoleted classes and methods. Those classes and methods still worked; they do have replacements that are improved over the originals.
It would be stupid for companies to alienate their customers and developers by making significant changes that break existing software.
I just wonder why - why do they choose to build it upon something closed source?
Maybe they prefer .NET? I can't stand PHP, and I like the compiled, object-oriented nature of .NET. I also like the ASP.NET framework. Also, ASP.NET is supported by Mono and works fairly well...
It's not as if .NET is intrinsically better than other development options.
Well, let's see. It's not interpreted. It supports many programming languages. It provides a full framework that works well. It has strongly typed variables. It has a clean object-oriented architecture. I think all of those properties make .NET intrinsically better than a lot of the options out there. The ASP.NET framework makes web development great.
I have yet to learn Java, but I do know this: based on the properties I listed above, it'd be the only other thing I'd consider for a large project.
I mean, DotNetNuke is written in VB.NET - even if I were to develop in .NET, this wouldn't be my first choice.
What's the issue with VB.NET? VB.NET is pretty similar to C# in terms of functionality, and with Option Strict, does not make assumptions on type conversion/casting. I prefer C# myself, but can't think of any instance where something I've written in C# would be more difficult, buggier, or in general, worse, if written in VB.NET. VB.NET is easier to understand, which means it's more likely that beginners may use it, but there is nothing that makes VB.NET code intrinsically worse than code written in C#.
I'm not sure if it would work in Mono without some effort -- my guess is, DNN is tied to IIS somehow. It's also possible that the application is tied to Windows. I've seen this happen before with PHP projects and Apache -- while the projects may or may not be tied to a unix-like operating system, some assume Apache and depend on environment variables and features found only in Apache, or at least ignored the fact that these features were implemented in different ways in other web servers.
The article is incorrect in saying "at this point in time DotNetNuke runs on ASP.NET, a services layer which is only available for the Windows platform - a situation which the Mono project is trying to address." ASP.NET is indeed available on other operating systems using Mono's implementation. In other words, the Mono project has already addressed this issue. While running ASP.NET applications with Apache and mod_mono isn't as easy to configure as, say, mod_php or any old CGI application, it's possible and not very difficult for anyone with experience configuring Apache and compiling Apache modules -- comparable to setting up FastCGI.
Mono's XSP, a small, simple web server, works great for serving up ASP.NET applications.
While .NET programs can be portable between Microsoft's .NET Runtime and Mono, just as software written in many languages can be portable between Windows and Linux, it's also possible to write software that only functions properly in one operating system or the other.
This is blatantly incorrect. Mono has ASP.NET support, and works pretty well.
I am unaware of any way that a SQL injection attack could be done on code using parameters like this. This is not a simple string replacement & escape done in ADO.NET; the parameters are sent to the database and treated as variables. Also, in my opinion, the code is much cleaner and easier to read than concatenated SQL statements.
Otherwise, there was a Linux emulator-like program called LINE -- it didn't get very far.
And here's a site full of pictures and other information about Foonet.
Actually, it moves the mouse up and right slightly, which will click the Start button if you're using a 1-row taskbar. Otherwise, it doesn't click on anything.
Phone companies that do not use an entire 10000 allocation often allow the rest to be reassigned. For example, 330-475 is owned by Choice One Communications, but 475-(2,3,4,5,6,9) are owned by T-Mobile.
I was joining on indexed fields. The WHERE clauses were on various fields that I did not take any time trying to figure out *why* it was going slow, as I was moving away from MySQL. The same fields that were indexed in MySQL were indexed in Access. I ended up copying the tables into Access and I got much better results.
I just can't believe Access can be faster than MySQL.
Well, try turning off the anti-MS reality distortion field...
I don't think that's significant at all, as MySQL seems equally poor on any platform, but I was using Linux at first & and after the second time it went out of control, I used Windows MySQL on the local machine I was using.
As of 8.0 PostgreSQL also has a native Windows version.
I must disagree. I was running 4.1 and trying to do a multiple JOIN query using inline views. There were about 50,000 rows in each table. I first tried the query in Access using ODBC connecting to MySQL, and MySQL used up so much CPU that it nearly locked up the server. I figured it could be an ODBC issue, so I installed MySQL locally and tried the query in the command line client (after making some slight changes), and the same thing happened.
I copied the tables into Access and the same query executed in less than 5 seconds. Since that moment, I have vowed never to use MySQL again.
*ducks*
Despite MySQL's numerous flaws and drawbacks compared to other open source and commerical databases, it has still remained popular. This is simply another reason to use a superior product, such as PostgreSQL.
I'm not sure about AMPS, but I don't think TDMA would work. Since most American wireless users are on GSM or CDMA, this isn't a problem. Assuming there are no other factors, and that the earth is flat, such a system would work for a radius of approx. 16 miles on the ground, an area of approx. 800 sq mi. I would expect it to be unlikely that an area that large would be covered, however. Such a system could cause interference with networks outside of the affected area, and depending on the population & attempted usage of the area, may get crowded fairly quickly.
MySQL isn't a decent choice, regardless of the platform. There are superior free alternatives like PostgreSQL (which as of 8.0... and even MSDE (the "light" version of SQL Server) is free.
- php for winodws -> free
ASP.NET is also free, and is a complete web framework that supports multiple programming langauges (not the mess that PHP is). To use Microsoft's implementation, all you need is Windows XP Professional or Windows 2000/2003... or you can use the Mono implementation.
Except Avalon doesn't really fit the definition of vaporware, especially since a beta can be downloaded.
You really believe there are no developer tools on linux? Countless IDEs to choose from. From Anjuta to Kdevelop to Eclipse. Countless simple editors. Countless other tools like profilers, version control, etc etc. Detailed and thorough documentation on every tool you'll ever use. Please keep you uninformed opinions to yourself next time. Saves you the embarrassment.
Yeah, there's a ton of IDEs; a few are decent. However, none really do as much as Visual Studio. The same IDE can be used to develop web applications, simple forms-based applications, advanced C++ projects, Windows Mobile/Smartphone projects, etc., and it works very well with .NET. It can debug just about everything it can do. There are also third-addons available, amazingly even including a PHP addon. Visual Studio 2005 is introducing a lot of new features.
That article is 5 years old and was written when .NET was first announced... you may want to see the same author's article from four years later, in which he says ".NET is a great programming environment that manages your memory and has a rich, complete, and consistent interface to the operating system and a rich, super complete, and elegant object library for basic operations."