{"id":250,"date":"2005-12-20T21:11:03","date_gmt":"2005-12-21T04:11:03","guid":{"rendered":"http:\/\/jameskovacs.com\/2005\/12\/21\/A+Grab+Bag+Of+Reading+For+The+Holidays"},"modified":"2005-12-20T21:11:03","modified_gmt":"2005-12-21T04:11:03","slug":"a-grab-bag-of-reading-for-the-holidays","status":"publish","type":"post","link":"https:\/\/www.jameskovacs.com\/index.php\/2005\/12\/20\/a-grab-bag-of-reading-for-the-holidays\/","title":{"rendered":"A grab bag of reading for the holidays"},"content":{"rendered":"<p><P>As usual, I&#8217;ve been reading voraciously about all things .NET and here&#8217;s a selection of articles and blog posts&nbsp;that every developer should read in their copious amounts of spare time over the holidays.<\/P><br \/>\n<P>Our first stop is security&#8230; Security for developers has long been near and dear to my heart. So it should come as no surprise that I&#8217;m a big fan of <A href=\"http:\/\/pluralsight.com\/blogs\/keith\/\">Keith Brown<\/A>&#8216;s work. His articles on security for developers are very insightful and his book, <EM><A href=\"http:\/\/www.pluralsight.com\/wiki\/default.aspx\/Keith.GuideBook.HomePage\">The .NET Developer&#8217;s Guide to Windows Security<\/A><\/EM>, should be on every developer&#8217;s bookshelf. Keith recently published an article in MSDN Magazine entitled <A href=\"http:\/\/msdn.microsoft.com\/msdnmag\/issues\/06\/01\/SecurityBriefs\/\"><EM>Encrypting Without Secrets<\/EM><\/A>, where he lays out a foundation for encrypting data (such as credit card numbers) without placing the decryption keys on an internet-accessible server. He uses a technique very similar to SSL where he uses public\/private key cryptography (RSA in his example) to encrypt a dynamically generated symmetric key (AES aka Rijndael, pronounced rain-doll). You keep the private (decryption) key on a secure server in your back office and the public (encryption) key on your web server. Even if the web and\/or database server are compromised, the attacker doesn&#8217;t have the decryption key to make use of the encrypted credit cards numbers he (or she) just harvested. Very cool stuff.<\/P><br \/>\n<P>Our next stop is SharePoint land&#8230; Bil Simser has a <A href=\"http:\/\/weblogs.asp.net\/bsimser\/archive\/2005\/12\/20\/433602.aspx\">great blog post<\/A>&nbsp;that discusses why you shouldn&#8217;t use your lightsabre to slice cheese. (Because it will melt the cheese,&nbsp;silly!)&nbsp;His point is that although SharePoint is a cool tool, you should use it for what it was designed for. Like any tool, it cannot be all things to all people.&nbsp;A good developer\/architect knows his toolset and knows how to pick the right tool for the job. When all you&#8217;ve got in your toolbox is SharePoint, everything looks like a webpart. If this is you, learn a few more tools so you can pick the right one for the job.<\/P><br \/>\n<P>Last stop is the world of ASP.NET&#8230; There are a wide variety of ways to redirect a user to a new web page and ASP.NET 2.0 adds some new tricks. <A href=\"http:\/\/blogs.msdn.com\/tinghaoy\/\">Ting-hao Yang<\/A> enumerates the options, including pros and cons of each technique, in <A href=\"http:\/\/blogs.msdn.com\/tinghaoy\/archive\/2005\/12\/15\/504357.aspx\">this blog post<\/A>. A very worthwhile read for anyone doing ASP.NET development, either 1.X or 2.0.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As usual, I&#8217;ve been reading voraciously about all things .NET and here&#8217;s a selection of articles and blog posts&nbsp;that every developer should read in their copious amounts of spare time over the holidays. Our first stop is security&#8230; Security for developers has long been near and dear to my heart. So it should come as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,6,21,22],"tags":[],"class_list":["post-250","post","type-post","status-publish","format-standard","hentry","category-dotnetgeneral","category-aspnet","category-security","category-sharepoint"],"_links":{"self":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/posts\/250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/comments?post=250"}],"version-history":[{"count":0,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/posts\/250\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/media?parent=250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/categories?post=250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/tags?post=250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}