Thursday, August 30, 2007

Disable Windows Error Reporting

Every now and then I run into one of these application or system errors that pop up the Error Reporting dialog box. This is one way Microsoft gets feedback from users on how well (or not) their software is performing or interacting with other applications, so that they can improve their products.

This is fine with me but sometimes, it gets really annoying when the same error keeps occurring and you have to report, wait and then close the dialog box or choose not to report it. To get rid of this headache once and for all, you can turn off this feature completely.

1. Launch System Properties dialog box
2. Click on Advanced Tab
3. Click on Error Reporting button
4. Select "Disable error reporting" radio button
5. Click OK twice to exit

You can launch the System Properties dialog box through the Control Panel, or by right-clicking My Computer and selecting Properties. Another way to bring it up is to press the [Windows][Break] key combination.

Monday, August 20, 2007

Configure Interface - Cisco vs. Procurve

In Cisco IOS, you can switch from one interface to another very easily. The Interface command moves you from one interface to another without having to Exit every time you configure an interface.

With a Procurve switch, you don't have the same kind of flexibility. Every time you configure an interface, you need to Exit out to Configuration mode before you can enter another interface.

Let's look at this example on a Cisco switch:

Int g0/1
desc "IBA LAN"
Int g0/2
desc "ESV LAN"

That's perfectly legal on the Cisco IOS. Now configure that on a Procurve switch:

Int g0/1
name "IBA LAN"
exit
Int g0/2
name "ESV LAN"

If you miss the Exit command, you'll receive an "Invalid Input" error because you cannot go to a different interface from within an interface. I never liked this approach and prefer the shortcut where you enter two commands on a single line. Not only does it cut out the Exit command, it also keeps you in Config mode.

Int g0/1 name "IBA LAN"
Int g0/2 name "ESV LAN"

Monday, August 13, 2007

Web Application Security

Web applications are at great risk because most of them are available to anyone with internet access. They often get compromised by script exploits.

Most script exploits require the application to accept malicious input and inject it into a page where it will be executed on the server or in the client browser. The potential damage from such an exploit depends on the script that is being executed (taking over a system, installing malware, deleting data...).

The primary defense against script exploits is to never trust the information obtained from users. This applies to both incoming and outgoing data from users (data written to and data pulled from the database).

There are many things a developer can do to protect an application against script exploits. Data input by users should always be validated. Form elements should be HTML-encoded. Dynamic SQL is flexible, but it can compromise your data: prefer parameterized queries over SQL queries built with string concatenation.

In this simple example:

"Select * From Customers where LastName = " & txtLastName.Value

A malicious user who knows something about databases could turn that SQL statement into:

Select * From Customers Where LastName = 'a'; Delete From Customers Where LastName > ''

And when it gets executed, the database is compromised.
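
The concatenated query and its parameterized replacement, side by side, as an added example that is not code from the original post. It assumes Python with an in-memory SQLite database in place of the post's VB and database server; the table rows and function names are constructed for illustration, and the input string is the one shown above.

```python
import sqlite3

# Input taken from the post's second statement; everything else is constructed.
PAYLOAD = "'a'; Delete From Customers Where LastName > ''"

def make_db():
    """Build an in-memory Customers table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customers (Id INTEGER PRIMARY KEY, LastName TEXT)")
    db.executemany("INSERT INTO Customers (LastName) VALUES (?)",
                   [("Adams",), ("Baker",), ("Clark",), ("O'Brien",)])
    db.commit()
    return db

def count_rows(db):
    return db.execute("SELECT COUNT(*) FROM Customers").fetchone()[0]

def find_concatenated(db, last_name):
    """Vulnerable pattern from the post: input is pasted into the SQL text."""
    sql = "Select * From Customers where LastName = " + last_name
    # executescript() runs every statement in the string, standing in for a
    # driver that accepts batched statements.
    db.executescript(sql)
    return count_rows(db)

def find_parameterized(db, last_name):
    """Hardened form: the SQL text is fixed and the input is bound as a value."""
    cur = db.execute("SELECT Id, LastName FROM Customers WHERE LastName = ?",
                     (last_name,))
    return cur.fetchall()

if __name__ == "__main__":
    db = make_db()
    print(find_parameterized(db, PAYLOAD))    # no match, nothing executed
    print(find_parameterized(db, "O'Brien"))  # apostrophe handled as data
    print("rows after parameterized:", count_rows(db))
    print("rows after concatenated:", find_concatenated(db, PAYLOAD))
```

With the bound parameter, the whole input is compared against LastName as a single value, so the table keeps its rows and a legitimate name containing an apostrophe still matches.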

It is very important to understand how users and their data interact with your application. That way you can better protect your data, application and users from script exploits.
For more information on how to protect your web application see Basic Security Practices for Web Applications.

How To Set Access Key For ASP.net Web Server Controls

An access key combination allows users to press the ALT key plus another key to focus or jump to a specific control.

Some controls, such as TextBox or ListBox, have an AccessKey property where you can set this. As an alternative, you can set an access key for a Label control and then tell the browser to associate it with another control. With this approach, you can use the Label control as a caption that indicates the access key with an underlined letter.

To set the access key using a Label control you must:

1. Add the control to be associated
2. Add a Label control
3. Set the access key
4. Associate the control to receive focus

Here's an example:

<asp:Label ID="lblLastName" runat="server"
AccessKey="L"
AssociatedControlID="txtLastName"
Text="<u>L</u>ast name: ">
</asp:Label>
<asp:TextBox ID="txtLastName" runat="server"></asp:TextBox>


Note that setting focus by using access key from a Label control requires that client scripting is enabled in the browser.

Download File with Visual Basic

The My.Computer.Network namespace provides the DownloadFile method, which can be used for downloading a remote file to a specific location.

The basic syntax for calling the DownloadFile method is to specify the file's location as a string or URI and the location to store the file, as seen below:

My.Computer.Network.DownloadFile("http://www.server.com/readme.txt", "c:\docs\readme.txt")

The overloaded methods allow you to specify more advanced parameters like a timeout, or a username and password for a protected file. The example below downloads a password-protected file.

My.Computer.Network.DownloadFile("http://www.server.com/readme.txt", "c:\docs\readme.txt", "myusername", "mypassword")

Note that the FTP protocol, as used by the DownloadFile method, sends information, including the username and password, in plain text. It should not be used to transmit sensitive information.