New Stuff

Resources for Your Developer Toolbox

Theresa W. Carey

Contents

Test Deployment Security
Defense Against the Dark Arts
Macromedia Rolls Out MX 2004
Manage Bugs and Issues
Translate from CFML to .NET
Defining Business Rules
Automate Program Documentation
Charting in .NET
The Bookshelf

Test Deployment Security

Desaware

Desaware is shipping CAS/Tester (automated code access security testing) for Visual Studio® .NET. CAS/Tester was developed to address the issue of security constraints as software is deployed through the Internet, intranets, and other distribution channels. Code access security is a key feature of the Microsoft® .NET Framework that enables administrators of each machine (via configuration settings) to decide exactly which types of operations an assembly can perform. CAS/Tester automates the process of testing an assembly by executing it under multiple security configurations and producing a report of the results.

Developers can use the command-line utility included with the product, or a GUI-based test add-in that is integrated into Visual Studio .NET 2003. Users can create scripts in Visual Basic® .NET or Visual C#® .NET. CAS/Tester supports testing of class libraries, components, user controls, Windows® Forms and console apps, and can invoke outside test assemblies or test harnesses. The output contains detailed information including permissions tested, and all exceptions that occur for each test, along with a stack trace. The reports can be customized by using XSLT templates.

https://www.desaware.com

Defense Against the Dark Arts

Flicks

Flicks Software offers a comprehensive suite of solutions for protecting Windows servers against brute-force attacks. One potential barrier is WebQuota, an authentication solution for Windows servers (Microsoft Internet Information Services 3.0 and above), which includes dictionary attack protection.

Dictionary attack protection stops brute-force attacks by monitoring the number of denied login attempts originating from a particular IP address. WebQuota's dictionary attack protection feature measures all denied user name/password attempts and records the originating IP address of the suspected hacker. When the brute-force threshold is met, all subsequent requests from the IP address in question are blocked for a preconfigured period of time. WebQuota also watches all https:// requests to the server for illicit activity.

Another valuable line of defense is to implement a strong password policy. Flicks Software's PasswordCheck verifies passwords at the time they are created, ensuring that they meet the administrator's preconfigured strong password criteria. Any passwords that do not meet the network administrator's criteria are rejected. PasswordCheck includes random password generation, allowing the user to choose from many different passwords.

https://www.flicks.com

Macromedia Rolls Out MX 2004

Macromedia

Macromedia has released the next generation of its MX product family with new versions of Macromedia Dreamweaver, Flash, and Fireworks tools. Dreamweaver MX 2004 includes new and updated support for standards and server technologies such as CSS, secure FTP, and ASP.NET. Flash MX Professional 2004 provides developers with a forms-based programming metaphor, enabling them to build and deploy Internet applications, including video-rich, interactive experiences. Fireworks MX 2004 delivers an array of design tools and effects for Web graphics, and promotes collaboration through integration with other MX products.

Each MX 2004 product shares a consistent interface, design, development elements, and functionality. Studio MX 2004 includes Dreamweaver MX 2004, Flash MX 2004 or Flash MX Professional 2004, Fireworks MX 2004, and Freehand MX.

The MX 2004 family also includes building blocks called the MX Elements for Flash and the MX Elements for HTML, along with a unique interface for Internet applications called Halo.

https://www.macromedia.com/go/mx2004

Manage Bugs and Issues

yKAP

DCom Solutions has released yKAP—Your Kind Attention Please, a Web-based product for tracking bugs, managing issues, and exchanging messages. yKAP can be installed on machines running Windows NT®, Windows 2000, and Windows XP.

Users need a browser to access yKAP. yKAP is customizable, allowing users to add custom values for system parameters, such as priority, status, and complexity. The program includes reporting capabilities, enabling export into the user's preferred format (PDF, RTF, XLS, HTML, Text, and so on) from the browser.

With yKAP, you can perform trend analysis of your data and determine, for example, whether the average turnaround time for issues is improving. The yKAP system administrator can determine how much of yKAP functionality any user can have access to by specifying a role for every user. yKAP uses your browser to process and exchange XML data and messages with the server, thus avoiding reloading of "heavy" visual elements such as images, comboboxes, listboxes, and so on.

https://www.yKap.com

Translate from CFML to .NET

New Atlanta

New Atlanta Communications, a producer of server-side technologies, recently released the production version of BlueDragon for .NET, which allows developers to deploy ColdFusion Markup Language (CFML) Web apps onto the Microsoft .NET Framework.

BlueDragon is designed for organizations with legacy ColdFusion code who don't want to spend time and money rewriting the CF applications for other deployments. BlueDragon automatically redeploys the old code. With BlueDragon, CFML can be used as a native platform Web-scripting alternative to JSPs and ASPs, enabling full native integration support with J2EE and the .NET Framework and technologies.

https://www.newatlanta.com

Defining Business Rules

ixio

ixio has recently released the ixio Smart Data Machine 2.0, which allows developers to describe business rules through a graphical tool, the ixio Studio, and store them in a database such as Microsoft SQL Server™. The ixio Smart Data Machine then implements those rules as a set of business objects, which can be extended and used by client applications that you develop as ASP.NET forms or Windows Forms using Visual Studio. The program allows you to bypass the creation of a business logic layer by developing code for data access, application and process flow, role-based security, personalization, and localization.

https://www.ixio.com

Automate Program Documentation

Omega

Universal Report, published by Omega Computer, is an application for managing and automating the documentation of program files. Its goal is to generate a structured and highly formatted overview of a given set of program code. A session can be run either step by step or automatically.

Universal Report is not focused on a specific programming language, and allows you to generate reports in several common formats (text, LaTeX, HTML) and languages (English, French, German, Spanish, Portuguese, and Italian). This universality comes from heuristics that work on what programming languages have in common and then examine further specific points. The tool's parameters can be tuned both for behavior and quality of output.

Additional features, including spell checking, general pattern research, automatic information extraction, automatic code formatting, glossary maker, and graphics generator, are also available.

https://www.omegacomputer.com

Charting in .NET

Quinn-Curtis Inc. has introduced QCChart2D Charting Tools for .Net, an object-oriented, .NET Framework-based charting toolkit aimed at developers who want to add interactive charting graphics to their C# and Visual Basic .NET-based apps.

The toolkit supports linear, logarithmic, and polar coordinate systems used by engineering and scientific users. It also supports advanced, discontinuous time/date coordinate systems required by business users, where weekends can be removed from the time scale and a day can have a user-defined hourly range (such as the 9:30 A.M. to 4:00 P.M. range used in financial markets). Users are able to interact with charts: adding annotations, selecting, marking and moving data points, and zooming into a particular chart region.

The software is written in C# and works with all platforms and browsers compatible with the Microsoft .NET Framework. The recommended development environment is Visual Studio .NET configured for C# or Visual Basic.

https://www.quinn-curtis.com

The Bookshelf

O'Reilly

Adam Freeman, coauthor of Programming .NET Security, published by O'Reilly, says the majority of security lapses are caused by carelessness or lack of experience on the part of application developers. Freeman and coauthor Allen Jones wrote Programming .NET Security as both a tutorial and reference to security issues for .NET Framework-based application development.

The book offers examples for writing secure applications in both C# and Visual Basic .NET. Freeman and Jones rely on their years of experience in applying security policies for Microsoft, NASDAQ, Sun Microsystems, Netscape, and others. Before detailing the .NET Framework collection of security tools and recommendations, their book explains key concepts and common design patterns that developers must understand to build applications that can survive in a networked world.

One chapter discusses typical software development phases, and the opportunities each phase provides for uncovering vulnerabilities and defending against them. A section is devoted to .NET Framework support for cryptography, and other chapters deal with features unique to ASP.NET and COM+ component services. Also included is an API Quick Reference to all the types of the principal security-related namespaces of the .NET class libraries.

https://www.oreilly.com

Manning

Code Generation in Action by Jack Herrington is a guide to building, buying, deploying, and using code generators. Published by Manning Publications, the book demonstrates the techniques of building and using programs to write other programs. It shows how to avoid repetition and error to produce consistent, high-quality code, and how to maintain it more easily.

It demonstrates code generators for user interfaces, database access, remote procedure access, and much more. Direct examples are provided on a variety of platforms, including ASP and ASP.NET, Java/J2EE, and Open Source solutions such as Perl, Python, and PHP.

https://www.manning.com

Send your New Stuff to Theresa at newstuff@microsoft.com.

Theresa W. Carey is a freelance writer who lives in California. Her byline has appeared in Barron's and PC World.