Wednesday, November 10, 2010
threadPools again
Thursday, September 30, 2010
threads and C#
Wednesday, September 22, 2010
Linux security
Monday, September 13, 2010
CLR
CREATE ASSEMBLY HelloWorld from 'c:\temp\HelloWorld.dll' WITH PERMISSION_SET = SAFE;
Next I created a stored procedure to wrap the assembly.
CREATE PROCEDURE SerializeXmlNodes
@x NVARCHAR(1000),
@sOut NVARCHAR(1000) OUTPUT
AS
EXTERNAL NAME HelloWorld.HelloWorldProc.HelloWorld;
GO
-- Declare the output variable before calling the procedure.
DECLARE @sOut NVARCHAR(1000);
EXEC SerializeXmlNodes @x = 'one', @sOut = @sOut OUTPUT
Friday, August 13, 2010
Killing Java
Will Oracle kill Java? They're currently suing Google over the way Google used Java in Android.
http://www.reuters.com/article/idUSTRE67B5G720100813
I don't know anything about the lawsuit or what's being alleged except for the article. Most interesting is Oracle's CEO's statement:
Oracle Chief Executive Larry Ellison has said he views the Java software as a key asset, pointing to its use in a variety of electronic devices, from PCs to DVD players. "Sun's corporate philosophy was obviously very different from Oracle's in terms of enforcing the Java patents," said Edward Reines, an IP litigator at Weil Gotshall who is involved in separate patent litigation against Oracle.
The fact that Oracle sees Java as an "asset" and is talking about patents is probably the end of Java. For the last 10 years, open source enthusiasts have been begging Sun to make Java open source. Sun kept saying "no" but they kept throwing little bones out -- submitting Java to ANSI, free compilers, free tools, etc. Looks like maybe that's over. Gosling quit citing "ideological differences."
Now this.
As to Google, my prediction is that they will create their own language. Google's search engine is built on Linux but the kernel was completely re-written. So I think Google's response, if Oracle takes their ball and goes home, is to create another ball.
For the open source community -- they're in trouble. If Oracle starts to lock down MySQL (now that they own that too), the open sourcers are in the strange situation of not having a database or a language. Their only desktop OS has almost no vendor support now (NVidia already dropped Linux support for their video cards). Apache is about the only thing left. And Mono.
It would be ironic if C#/Mono became the new open source standard. In truth, when I look at the desktop world, I think it's almost shifted so that Microsoft is now one of the least locked down, usable environments. Apple has made huge strides and become a major player. Based on market cap, they're actually bigger than Microsoft now. But they're infinitely proprietary. Google is awesome, but nothing if not proprietary. With Oracle's hard line stand on Java (if it continues), Microsoft is actually the least locked down of all the major vendors. I frankly never understood all the Microsoft hatred. Most of the Linux guys I know are fanatics about Apple, which is way more locked than anything Microsoft ever did. Many of them are Oracle fans, too, which has always been locked.
Java is 15 years old now, and, while it's really cool, is in need of an overhaul. Maybe this will be the impetus to get a new Java-like/C#-like open source language?
Although, more likely, Google will just create its own and lock it.
Thursday, July 29, 2010
powershell shortcut
Sunday, July 18, 2010
workflow timeouts
Friday, July 9, 2010
a while
Saturday, June 12, 2010
Friday, May 28, 2010
microsoft's future
Tuesday, May 4, 2010
Geek Humor
Sunday, April 18, 2010
wasssup with java?
Tuesday, March 30, 2010
Is Linux finally dead?
Tuesday, March 16, 2010
encrypted data store
For a while, I've been struggling with how to persist database connection strings. Some of them have user accounts and passwords, so I don't want them in plain text in the config file. I don't really want them hard coded either. I have played with encryption mechanisms on the config files but can't find anything I like. Using Microsoft's default framework, either the encryption is tied to the user id (so when you move from a dev account to a production one, you can't decrypt) or it's tied to the machine, which poses the same issue. If you manually encrypt, then you’re just displacing the issue, since you need to find a way to store an encryption key or the like.
So, here’s my solution. I’ve set up an encrypted database repository to store database connection strings. The connection string to this repository is in a plain text config file, but since it is SqlServer, it uses user auth to connect – so, no passwords needed. Since it’s an encrypted table, anyone looking to decrypt needs access to the database, the table, the cert and the symmetric key. Without all those privs, you get nothing. If additional security is needed, you can add certificate enforcement on the connection itself.
Here’s how to set up the basics.
First, you’d need to create a table. I’ll ignore the DDL for this. I used a “database name” for the key. For the value, you’d want something like this:
ALTER TABLE DataConnectionValues
ADD ConnectionString varbinary(255);
GO
It should be a big enough column, of course. I picked 255, since it has to account for an encrypted string, which would be longer than the non-encrypted one. And I picked binary since the encryption may use non-standard characters.
Ok. Next we’ll need a master symmetric key, if one doesn’t exist:
IF NOT EXISTS
(SELECT * FROM sys.symmetric_keys WHERE symmetric_key_id = 101)
CREATE MASTER KEY ENCRYPTION BY
PASSWORD = 'someCleverPassword'
GO
The inner select and existence check are clearly not needed, but I added them anyway.
Now a certificate:
CREATE CERTIFICATE DBConnection
WITH SUBJECT = 'Encryption for database connection strings';
GO
Next, a symmetric key using the cert:
CREATE SYMMETRIC KEY DBConnection_01
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE DBConnection;
GO
I used AES 256, but SQL Server supports other encryption types.
That’s pretty much it for the set up.
Now you can insert a row into the table, then do an update to add the encrypted value.
To update a value, first open the key:
OPEN SYMMETRIC KEY DBConnection_01
DECRYPTION BY CERTIFICATE DBConnection;
Then do an update, using the EncryptByKey function (it takes a reference to the key just created above):
UPDATE DataConnectionValues
SET ConnectionString = EncryptByKey(Key_GUID('DBConnection_01'), N'1234'); -- cleartext must be a character or binary type
GO
The EncryptByKey will encrypt using the key, while the DecryptByKey function will decrypt, of course.
I’d recommend wrapping these in a set of functions or stored procedures so that the developers don’t have to mess with keys and certs. In addition, that means that the user accounts only need execute privs on the procedures, not select privs on the table.
The coolish thing is that the users will get nothing if their accounts don’t have the right privs.
To get that, you need connection and select privs on the table (or execute on the stored procedures), privs on the key and the cert.
You can add these cert and key privs by:
GRANT REFERENCES ON SYMMETRIC KEY::[DBConnection_01] TO [someUserId]
GRANT CONTROL ON CERTIFICATE::DBConnection TO [someUserId]
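One way to write the wrapper procedures recommended above, as an added example that is not code from the original post. It goes a step beyond the text by using EXECUTE AS OWNER, so callers need only EXECUTE on the procedures instead of the key and certificate grants. The DatabaseName key column, the dbo schema and the procedure names are assumptions.

```sql
-- Added example (not from the original post). DatabaseName, the dbo schema and
-- both procedure names are assumptions layered on the post's table and key.
CREATE PROCEDURE dbo.SetConnectionString
    @DatabaseName     nvarchar(128),
    @ConnectionString nvarchar(1000)
WITH EXECUTE AS OWNER   -- key and cert are opened as the owner, not the caller
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @cipher varbinary(8000);
    OPEN SYMMETRIC KEY DBConnection_01
        DECRYPTION BY CERTIFICATE DBConnection;
    SET @cipher = EncryptByKey(Key_GUID('DBConnection_01'), @ConnectionString);
    CLOSE SYMMETRIC KEY DBConnection_01;

    -- EncryptByKey returns NULL if the key is not open, and ciphertext longer
    -- than the varbinary(255) column must be rejected, not written.
    IF @cipher IS NULL OR DATALENGTH(@cipher) > 255
    BEGIN
        RAISERROR('Connection string not stored: encryption failed or result exceeds 255 bytes.', 16, 1);
        RETURN;
    END;

    UPDATE dbo.DataConnectionValues
       SET ConnectionString = @cipher
     WHERE DatabaseName = @DatabaseName;
END;
GO

CREATE PROCEDURE dbo.GetConnectionString
    @DatabaseName nvarchar(128)
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;
    OPEN SYMMETRIC KEY DBConnection_01
        DECRYPTION BY CERTIFICATE DBConnection;

    -- Convert back to the same type that was encrypted (nvarchar).
    SELECT CONVERT(nvarchar(1000), DecryptByKey(ConnectionString)) AS ConnectionString
      FROM dbo.DataConnectionValues
     WHERE DatabaseName = @DatabaseName;

    CLOSE SYMMETRIC KEY DBConnection_01;
END;
GO

-- The caller needs only EXECUTE: no SELECT on the table, no key or cert grants.
GRANT EXECUTE ON dbo.GetConnectionString TO [someUserId];
```

This assumes the procedure owner already controls the DBConnection certificate and the DBConnection_01 key, as it would if the same account ran the setup statements above.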
If you really want to get cool, you can add connection encryption to the initial connection string to get the database values. This is probably a good idea since you’ll be passing passwords across the wire. Doing that does two things: First, it encrypts the connection, second, it secures it via the certificate. Not only does this make it harder to hack the values, it adds an additional layer of authentication, since now, the user not only has to have the correct user credentials, but also has to have the correct certificate installed.
From the developer perspective, this is as simple as changing the initial connection string to something like:
Data Source=someServer;Initial Catalog=myEncryptedData;Integrated Security=SSPI;Encrypt=true
That last part sets the encryption to true, and secures the connection. To do this, you’ll need to set up a server certificate on the connecting server and also on the database server.
I’m out of space to discuss that here, but Google knows everything.
Next time I'd like to blog about how to wrap this into a data connections library and use an object factory to really abstract the complexity of connecting to databases.
--kevin
Friday, February 26, 2010
case sensitive dictionaries
new Dictionary...(StringComparer.OrdinalIgnoreCase);