One of our clients integrates with a financial services company which provides an API to access data. Obviously this needs to be secure. Their QA environment is secured via SSL but is exposed only by IP address. A .NET client will by default throw a security exception when you try to create a SSL connection by IP because the certificate has been issued to a name. This code will get you past that…

ServicePointManager.ServerCertificateValidationCallback += ((sender, certificate, chain, sslPolicyErrors) => true);

Are you running a SMTP server on a Windows Server? Then you need to use the Microsoft Exchange Server SMTPDiag Tool. It will verify your SMTP, DNS and firewall settings to ensure everything is setup properly and you are able to send email.

If you use a loopback address (127.0.0.1) or hosts files on your Windows Server to reference a local IIS web application with Windows Authentication it will probably fail with a 401 error due to a new security constraint. This is often the case if you use a public url for your Sharepoint of TFS server. To resolve this you need to add a registry key…

1. Open regedit
2. Open the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Create a new DWORD under Lsa named DisableLoopbackCheck
4. Set its value to 1
5. Restart the server for good measure

Related Links

http://support.microsoft.com/kb/896861

http://ppalakollu.blogspot.com/2009/04/ie-8-ntlm-authentication-on-windows.html

Often in database design a table has a secondary unique key which defines a random alpha-numeric value; lets call this Code. While the table’s primary key is used for foreign key references in the database, the Code column has several advantages and uses. Since it is not a sequential value it can be shown to the user without giving away possible valuable information; for example giving away your sales volume. It can also be used as a URL query parameter to discourage one-up-attacks (note this should not be a replacement for proper data security).

So now that we are sold on having a Code column, what is the best way to implement it? Here is a method you can use to implement a proper Code column and have the database generate the value for you. This is a similar design pattern to using an IDENTITY column to generate the next value for a primary key. We would like for the column to have a default value of a new Code value, such that the application tier doesn’t have to worry about setting the value. An issue with this in SQL Server is that column default values do not allow for ‘dynamic’ values; we can use a view to get around this. As for the Code generation algorithm I piggybacked on the NEWID() function which generates a new uniqueidentifier. There are countless other algorithms you could use for this.

Create a view to generate the new codes…

CREATE VIEW [dbo].[Codes]
AS
SELECT LOWER(SUBSTRING(REPLACE(NEWID(), ‘-’, ”), 0, 16)) AS Code;

Create a function which returns a new code…

CREATE FUNCTION [dbo].[NewCode]
( )
RETURNS NVARCHAR (50)
AS
BEGIN
RETURN (SELECT Code FROM Codes)
END

Now we can use the dbo.NewCode() function as the default value for our table’s Code column..

ALTER TABLE [dbo].[XXX] ADD  CONSTRAINT [DF_XXX_Code]  DEFAULT ([dbo].[NewCode]()) FOR [Code]

That’s it! Now if you insert a row into the table the Code column will have a new value in it by default. Simple.

UPDATE

Here is a much better algorithm to generate codes. The previous algorithm has a ‘hidden’ issue; the NEWID() function only generates the letters A-H, so you don’t get the security of the full 26 character alphabet. The algorithm below also lets you choose which characters you want. This allows you to prevent issues like 1 and I, and 0 and O confusion.

CREATE VIEW [dbo].[Codes]
AS
select
[Code] =
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1) +
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1) +
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1) +
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1) +
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1) +
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1) +
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1) +
substring(ch, convert(int, RAND() * (LEN(ch) – 1)) + 1, 1)
from
(select ch = ‘ABCDEFGHJKLMNPQURSUVWXYZ23456789′) a

Here’s a quick tip: To generate “Lorem ipsum” text in Microsoft Word type “=lorem(x, y)”; where x is the number of paragraphs and y is the number is sentences. I regularly use this for fake text when developing websites.

The beta for Visio 2010 is up on MSDN. I didn’t even know there was a new version coming out. Given the number of “pretty pictures” I make, this is quite an exciting time.

More info on Visio 2010 at…

http://visiotoolbox.com/2010/

I’ll post my feedback once I’ve taken it for a spin.

If you are still using plain-old notepad.exe then I highly suggest you check out Notepad2. It is a much improved version of notepad but without all the bloat and madness of Word. If you’re using Notepad2 already then you might want to check out the extended version. It adds some additional features such as code collapsing and the installer does the Windows work to replace notepad.exe with notepad2.exe.

http://code.kliu.org/misc/notepad2/

This one is pretty self explanatory… I’m not sure why Microsoft didn’t enable this by default.

http://www.howtogeek.com/howto/windows-vista/add-encrypt-decrypt-options-to-windows-vista-right-click-menu/

MAKE SURE TO BACKUP YOUR ENCRYPTION KEY TO AN OFF-SITE LOCATION

If you move an encrypted file to another machine (like in the case of a OS rebuild) you MUST have the encryption key to restore the files. If you don’t have it; you’re out of luck.

http://www.howtogeek.com/howto/windows-vista/back-up-your-file-encryption-key-in-windows-vista/