As usual, I’ve been reading voraciously about all things .NET and here’s a selection of articles and blog posts that every developer should read in their copious amounts of spare time over the holidays.


Our first stop is security… Security for developers has long been near and dear to my heart. So it should come as no surprise that I’m a big fan of Keith Brown’s work. His articles on security for developers are very insightful and his book, The .NET Developer’s Guide to Windows Security, should be on every developer’s bookshelf. Keith recently published an article in MSDN Magazine entitled Encrypting Without Secrets, where he lays out a foundation for encrypting data (such as credit card numbers) without placing the decryption keys on an internet-accessible server. He uses a technique very similar to SSL, where public/private key cryptography (RSA in his example) encrypts a dynamically generated symmetric key (AES aka Rijndael, pronounced rain-doll). You keep the private (decryption) key on a secure server in your back office and the public (encryption) key on your web server. Even if the web and/or database server is compromised, the attacker doesn’t have the decryption key to make use of the encrypted credit card numbers he (or she) just harvested. Very cool stuff.
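To make the key split concrete, here is a sketch I've added for this post; it is not Keith's code from the article. It assumes .NET 8 or later, the type and method names are hypothetical, and the choice of AES-GCM with RSA-OAEP is this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (assumes .NET 8+); type and method names are hypothetical.
public sealed record Envelope(byte[] WrappedKey, byte[] Nonce, byte[] Ciphertext, byte[] Tag);

public static class HybridCrypto
{
    // Web server: holds only the RSA public key.
    public static Envelope Encrypt(RSA publicKey, string plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // fresh AES-256 key per record
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] ciphertext = new byte[data.Length];
        byte[] tag = new byte[16];
        using (var aes = new AesGcm(key, tag.Length))
            aes.Encrypt(nonce, data, ciphertext, tag);
        byte[] wrapped = publicKey.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(key);           // symmetric key never stored in the clear
        return new Envelope(wrapped, nonce, ciphertext, tag);
    }

    // Back office: the only place the RSA private key exists.
    public static string Decrypt(RSA privateKey, Envelope e)
    {
        byte[] key = privateKey.Decrypt(e.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] data = new byte[e.Ciphertext.Length];
        using (var aes = new AesGcm(key, e.Tag.Length))
            aes.Decrypt(e.Nonce, e.Ciphertext, e.Tag, data); // throws if ciphertext was altered
        CryptographicOperations.ZeroMemory(key);
        return Encoding.UTF8.GetString(data);
    }
}

public static class Demo
{
    public static void Main()
    {
        using RSA backOffice = RSA.Create(3072);
        using RSA webServer = RSA.Create();
        webServer.ImportRSAPublicKey(backOffice.ExportRSAPublicKey(), out _);

        Envelope stored = HybridCrypto.Encrypt(webServer, "4111111111111111"); // constructed sample value
        Console.WriteLine(HybridCrypto.Decrypt(backOffice, stored));
        try { HybridCrypto.Decrypt(webServer, stored); }
        catch (CryptographicException) { Console.WriteLine("public key alone cannot decrypt"); }
    }
}
```

The database row stores all four envelope fields; only the back-office machine that holds the private key can turn the wrapped key back into an AES key.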


Our next stop is SharePoint land… Bil Simser has a great blog post that discusses why you shouldn’t use your lightsabre to slice cheese. (Because it will melt the cheese, silly!) His point is that although SharePoint is a cool tool, you should use it for what it was designed for. Like any tool, it cannot be all things to all people. A good developer/architect knows his toolset and knows how to pick the right tool for the job. When all you’ve got in your toolbox is SharePoint, everything looks like a webpart. If this is you, learn a few more tools so you can pick the right one for the job.


Last stop is the world of ASP.NET… There is a wide variety of ways to redirect a user to a new web page and ASP.NET 2.0 adds some new tricks. Ting-hao Yang enumerates the options, including pros and cons of each technique, in this blog post. A very worthwhile read for anyone doing ASP.NET development, either 1.X or 2.0.