Archive for October, 2007

Why you should care about password length

Jeff Atwood shows us why we should consider better password policies when developing applications or setting company policy.  

As we know, the biggest threat to security is not hackers, but the users themselves making it easy for someone to gain access to protected resources by having ridiculously easy to guess passwords. As developers we are as much at fault for building applications that allow this behavior.  Jeff recommends using pass phrases instead of passwords. A phrase is longer (and thus more resistant to brute force) and easier to remember than a mixed up jumble of nonsensical characters. By adding an unusual word or character pass phrases are very difficult to break with dictionary attacks as well.  Pass phrases are controversial as well, see:

The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3

The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3

The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3

Personally, I think the hard part is convincing users and business owners of an application that longer or more complicated is better. From my own experience I understand users want the simplest password policy possible. Often the business owners of an app don’t feel the information being protected is all that important to justify such an imposition for the users, or feel that it becomes a support expense because users can’t manage their own data or password very well (a great argument for using something like Windows CardSpace). I think they forget that users re-use the same password everywhere possible: a free e-mail account, network access at work, bank web sites, a blog, a MySpace account, etc. I would not want to be responsible for a malicious person to gain a password from my system and then use that password to systematically destroy someone else’s life. Be strong, insist on good password policy.

Posted on:
Posted in Security | Comments Off on Why you should care about password length

Day of .Net Presentation

I thoroughly enjoyed my presentation and the time at Day of .Net this past Saturday. Special thanks to those folks who attended my presentation.

Here is my slide deck.

This is a zip file of the code from the presentation. Remember you need the .Net 3.0 framework and the SDK for Open XML Formats CTP in order to run the code.

Posted on:
Posted in Office, Speaking | Comments Off on Day of .Net Presentation

Open XML References

Resources

ECMA-376  Standard Specification

Word 2007 Content Control Toolkit

Open XML Code Snippets for Visual Studio 2005

OpenXmlDeveloper.org

Open XML e-book

XML in Office Developer Portal

SDK for Open XML Formats CTP (online)

MSDN Forum for Open XML SDK

Software

Package Explorer

ExcelPackage

Word 2007 Content Control Tookit

Open XML Code Snippets for Visual Studio 2005

SDK for Open XML Formats CTP (download)

Microsoft .Net Framework 3.0

Articles

Introducing the Office (2007) Open XML File Formats

Building Server-Side Document Generation Solutions Using the Open XML Object Model (Part 1 of 2)

Building Server-Side Document Generation Solutions Using the Open XML Object Model (Part 2 of 2)

Manipulating Excel 2007 and PowerPoint 2007 Files with the Open XML Object Model (Part 1 of 2)

Manipulating Excel 2007 and PowerPoint 2007 Files with the Open XML Object Model (Part 2 of 2)

Dive Into SpreadsheetML (Part 1 of 2)

Dive Into SpreadsheetML (Part 2 of 2)

Manipulating Word 2007 Files with the Open XML Object Model (Part 1 of 3)

Manipulating Word 2007 Files with the Open XML Object Model (Part 2 of 3)

Manipulating Word 2007 Files with the Open XML Object Model (Part 3 of 3)

Blogs

Wouter van Vugt

Brian Jones

Kevin Boske

Posted on:
Posted in Office, Speaking | Comments Off on Open XML References

ASP.NET Web Project Build Events

I have a web project (the original 2005 web project type, not a web application project) and had a problem getting files copied to the bin directory. Essentially, one of the library projects referenced by the web project has an XML file in the project output, but when the solution is built, the XML file in the bin directory of the library project is not pulled into to the bin directory of the web project. Of course, a post-build event seemed like the thing to do, but web projects don’t have support for that.

A little digging and I found this post by Scott Guthrie that describes a “Build Helper Project”. You simply add an empty class library project to your solution. You then use the build events in the empty project use to add build events to your web project. You just make sure the project build order is correct so the events get called when you need them.

Posted on:
Posted in .Net 2.0, ASP.NET | Comments Off on ASP.NET Web Project Build Events

Speaking at Day of .Net in Ann Arbor

I will be speaking at Day of .Net in Ann Arbor, MI on October 20th. It’s a Saturday, and it’s a completely free event. I will be presenting Creating Office Documents with Open XML. I will be going over the Packaging API and how to programmatically create and manipulate Office docs.

There are four concurrent sessions all day long covering many aspects of .Net.

See you there!

 

Day of .Net October 20, 2007 - See You there!

Posted on:
Posted in Office, Speaking | Comments Off on Speaking at Day of .Net in Ann Arbor

Laws from DDJ

Got my new November Dr. Dobbs issue today. The back column “Swaine’s Flames” has reminded me of some programming “laws” that I have seen before. I have added my own corollaries for each:

Kernighan’s Law: “Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.”

My corollary: “The developer who’s code that you inherit believed they were twice as smart as they really are.”

Eagleson’s Law: “Any code of your own that you haven’t looked at for six or more months might as well have been written by someone else.”

My corollary: “You can recognize that you have written code to solve a particular problem but will be unable to locate the specific instance you recall.”

Posted on:
Posted in Programming | Comments Off on Laws from DDJ