Saturday, November 26, 2005

Suggestion: RAD Ajax

I have been looking at many of the AJAX solutions out there and they all seem to be very powerful, versatile etc... etc... However, they are wayyyy complex.

In most of them you need to define client side javascript etc.... blecch....

My suggestion for MS re ASP.net. Make it simple.
This is how it would work:

When the page is first generated the value of RenderControl should be sent for the default settings (or settings that were set before the RenderControl is called).
Each control should receive its own little viewstate on the page wrapped in a

Then the user presses a button. An XMLHTTP message is sent to the server containing the postback values of the page - THE PAGE ITSELF IS NOT CHANGED - just a postback is simulated.
The developer responds to the On.... events by setting properties on the controls.
A quick poll of the page is made to see which controls have had properties changed.
These properties are then JSONed out to the page again.

Friday, November 25, 2005

Suggestion: Validation Framework

I once had a need to mimic the functionality in the validation control framework – I had to validate values coming off of the querystring in asp.net. I initially thought of reusing part of the existing validation framework but after playing around and researching it a bit I realized that the framework is built on and too tightly coupled with the web form controls structure.

That got me thinking that you are limiting a very useful and powerful piece of functionality to one small piece of the .net framework.

There are many situations where a developer would need to validate values (not necessarily input) and once you have the basic structure – why not extend it.

Here is a suggestion that I had.

Rebuild the entire validation structure totally separated from the web control process. You can have web validation controls implement this feature – however so can others.

For example a programmer would be able to do something like this

if (Validator.Range(someInt, 20, 300))
{
    // good
}
else
{
    // bad
}

Or this would be great for parsing data types before you try to run a convert (although the new TryParse does help).

However I think one of the most interesting features can come from setting up an attribute system. A developer would be able to write something like this

[RangeValidated(30, 100)]
int i;

If a value out of range is assigned to i then an exception gets thrown (this can be thought of as built-in unit testing).
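
A sketch of the decoupled validator, added here as an example and not code from the original post or from the .NET Framework. Validator, TryRange, Enforce, RangeValidatedAttribute and PageRequest are hypothetical names; because a plain C# attribute cannot intercept an assignment, the range rule is enforced by an explicit reflection pass rather than at assignment time.

```csharp
using System;
using System.Reflection;

// Hypothetical API following the post's names; not part of the .NET Framework.
[AttributeUsage(AttributeTargets.Property)]
public sealed class RangeValidatedAttribute : Attribute
{
    public int Min { get; }
    public int Max { get; }
    public RangeValidatedAttribute(int min, int max) { Min = min; Max = max; }
}

public static class Validator
{
    public static bool Range(int value, int min, int max) => value >= min && value <= max;

    // Parses untrusted text and range-checks it in one step; false on any failure.
    public static bool TryRange(string text, int min, int max, out int value) =>
        int.TryParse(text, out value) && Range(value, min, max);

    // Checks every [RangeValidated] int property of target; throws on the first violation.
    public static void Enforce(object target)
    {
        foreach (PropertyInfo p in target.GetType().GetProperties())
        {
            var rule = p.GetCustomAttribute<RangeValidatedAttribute>();
            if (rule == null || p.PropertyType != typeof(int)) continue;
            int v = (int)p.GetValue(target);
            if (!Range(v, rule.Min, rule.Max))
                throw new ArgumentOutOfRangeException(p.Name, v,
                    "must be between " + rule.Min + " and " + rule.Max);
        }
    }
}

public class PageRequest
{
    [RangeValidated(30, 100)] public int PageSize { get; set; }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed values standing in for what Request.QueryString would return.
        Console.WriteLine(Validator.TryRange("250", 20, 300, out int a));
        Console.WriteLine(Validator.TryRange("9999", 20, 300, out int b));
        try { Validator.Enforce(new PageRequest { PageSize = 500 }); }
        catch (ArgumentOutOfRangeException ex) { Console.WriteLine(ex.ParamName); }
    }
}
```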

Thursday, November 24, 2005

Suggestion: "Secure Unicode" drawing function

A couple of months ago - I sent this suggestion to Mitch Kaplan at Microsoft. He posted it here

Hi. I actually tried finding the correct blog post to submit this response to - but I couldn't

Anyways - A while ago you had a couple of posts on internationalized text especially in the browser however you also mentioned how it can be used to cloak a bad file in explorer etc...

Would this make any sense at all?

In Vista - Create a "Secure Unicode" rendering function - sort of an "overridden" implementation of drawText that will draw a little squiggly under any Unicode character that is deemed suspicious (You linked to an RFC that had some good ideas there) - this squiggly would be drawn in the same pen as the font and it would look similar to the squiggly that Word draws under misspelled words.

In any situation where a Unicode char might be used to fool the user into doing something he probably does not want to do, Windows (and third party apps) can use this version to ensure that the user is notified when a character might not be exactly what it looks like.

I can see this being used in Windows Explorer for file listings - or perhaps in login text boxes etc, email address boxes (I can send you a link asking you to send sensitive info to an email address that looks similar to an address you trust) etc....

Just a thought (obviously..)
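
The flagging step behind such a drawing function, as an added example that is not part of the original message or of any Windows API. The heuristic is an assumption (invisible format characters, plus Greek or Cyrillic letters mixed into a Latin label), and SquiggleMask and the sample strings are constructed for illustration.

```csharp
using System;
using System.Globalization;

public static class SecureUnicode
{
    // Assumed heuristic (not taken from the RFC mentioned above): the Greek and
    // Cyrillic blocks contain most letters that look like Latin ones.
    static bool IsLookalikeBlock(char c) => c >= '\u0370' && c <= '\u052F';
    static bool IsLatinLetter(char c) => char.IsLetter(c) && c <= '\u024F';

    // Returns a mask as long as text with '~' under each suspicious character.
    public static string SquiggleMask(string text)
    {
        char[] mask = new string(' ', text.Length).ToCharArray();
        int start = 0;
        for (int i = 0; i <= text.Length; i++)
        {
            // Judge each label (between '.' or '@') separately, so a fully
            // Cyrillic name with a Latin extension is not flagged.
            if (i < text.Length && text[i] != '.' && text[i] != '@') continue;
            bool hasLatin = false;
            for (int j = start; j < i; j++) hasLatin |= IsLatinLetter(text[j]);
            for (int j = start; j < i; j++)
            {
                char c = text[j];
                // Format characters are invisible yet alter what is displayed.
                bool invisible = char.GetUnicodeCategory(c) == UnicodeCategory.Format;
                bool mixed = hasLatin && char.IsLetter(c) && IsLookalikeBlock(c);
                if (invisible || mixed) mask[j] = '~';
            }
            start = i + 1;
        }
        return new string(mask);
    }

    public static void Main()
    {
        // Constructed samples; \u0430 is Cyrillic "a", \u200B is a zero-width space.
        string[] samples = { "billing@ex\u0430mple.com", "notes\u200B.txt",
                             "\u043F\u0440\u0438\u0432\u0435\u0442.txt", "invoice.pdf" };
        foreach (string s in samples)
        {
            string mask = SquiggleMask(s);
            Console.WriteLine((mask.IndexOf('~') >= 0 ? "SUSPECT " : "ok      ") + s);
            Console.WriteLine("        " + mask);
        }
    }
}
```

A renderer would draw the squiggle wherever the mask holds '~'; the example works on UTF-16 code units and does not look at characters outside the Basic Multilingual Plane.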




Suggestion: SecureWebString

Everybody knows that you should NEVER! NEVER EVER! NEVER EVER EVER, use the values coming off the Querystring or cookies collection without validating them. Yet we forget - It is so easy to do an assignment like this

string s = Request.QueryString["ItemID"];

Yes we forget. And now Microsoft has introduced the ObjectDataSource - which allows you to specify a querystring parameter or a cookie to automatically pass to the databinding routine. Where is that going to get validated if the databinding happens automatically?

Introducing the (suggested) SecureWebString class:

My suggestion is that all web collections/property bags get rewritten to return a SecureWebString. The SecureWebString will encapsulate the actual string containing the parameter and will cry foul (a security exception) if you try to access the value without having validated it.

How do we validate?

The collection or page or global class will have a validateSecureString event that will fire whenever the string is first accessed - this event will receive a non-secured version of the string to validate - if the string is valid or it can be corrected by the handler then the string is marked as validated so that it can be accessed by the page code.

This adds a noninvasive auto-validation regimen to all the "dangerous" strings out there. So the new ObjectDataSource will be very welcome to go ahead and read a querystring parameter - because validation will take place.

A certain level of backwards compatibility can be achieved by overriding the = operator to return the string.
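
One way the SecureWebString idea could look in C#, as an added example that is not from the original post or from ASP.NET. All type and member names are hypothetical; C# cannot overload the assignment operator, so an implicit conversion to string stands in for the backwards-compatibility idea.

```csharp
using System;
using System.Security;

// Hypothetical types sketching the post's idea; none of them exist in ASP.NET.
public class ValidateSecureStringEventArgs : EventArgs
{
    public ValidateSecureStringEventArgs(string name, string raw) { Name = name; RawValue = raw; }
    public string Name { get; }
    public string RawValue { get; }        // unvalidated input, seen by the handler only
    public string Corrected { get; set; }  // optional repaired value
    public bool IsValid { get; set; }      // defaults to false, so no handler means rejected
}

public sealed class SecureWebString
{
    // Stand-in for the page-level or global validateSecureString event.
    public static event EventHandler<ValidateSecureStringEventArgs> ValidateSecureString;
    private readonly string _name, _raw;
    private string _validated;
    public SecureWebString(string name, string raw) { _name = name; _raw = raw; }

    public string Value
    {
        get
        {
            if (_validated != null) return _validated;   // validated on an earlier access
            var e = new ValidateSecureStringEventArgs(_name, _raw);
            ValidateSecureString?.Invoke(this, e);
            if (!e.IsValid) throw new SecurityException("Unvalidated web value: " + _name);
            return _validated = e.Corrected ?? _raw;
        }
    }
    // Old code such as "string s = qs;" keeps compiling but now validates first.
    public static implicit operator string(SecureWebString s) => s.Value;
    // Logging or concatenation must not leak the raw value.
    public override string ToString() => "[SecureWebString " + _name + "]";
}

public static class Demo
{
    public static void Main()
    {
        SecureWebString.ValidateSecureString += (sender, e) =>
            e.IsValid = e.Name == "ItemID" && int.TryParse(e.RawValue, out int id) && id > 0;
        string ok = new SecureWebString("ItemID", "42");   // constructed sample input
        Console.WriteLine(ok);
        try { string bad = new SecureWebString("ItemID", "42 OR 1=1"); }
        catch (SecurityException ex) { Console.WriteLine(ex.Message); }
    }
}
```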






Suggestion: WBF - Windows (Vista) Backup Foundation

Yicky!! I am in the middle of trying to set up a remote backup type of thing (over the internet). The backup/file selection interface is terrible. This isn't the first one I have tried and the other ones were just as bad - that's what happens when many different companies have to implement the same thing - they hardly do it well. This interface isn't a selling point for the companies anyways - they do it because they need to provide an interface so they throw something together.

On the other hand the Windows backup interface is usable - but just barely - definitely more than the internet backup stuff I am trying to set up.

So, my suggestion - separate the backup interface from the backup engine. Make a central Windows backup information store from which any backup application can read. Then all these companies would not have to reimplement the same functionality every time. You would also be able to reuse the info between apps (a tape backup and a remote backup).

On the other side you can now have a third party come out with an even better backup interface than the one built into Windows and have that replace the Windows one.

An added benefit is that since you now have a single point of backup information - application developers can now plug into that and specify the file extensions that do need to be backed up for that extension type and you can now specify the applications to back up rather than directories. Apps can also provide a backup export type of functionality.

Monday, November 14, 2005

Krypton Toolkit



The Krypton Toolkit has been released.
It provides user interface controls for Windows Forms.
It is targeted at Visual Studio 2005 and .NET Framework 2.0.
It is free for commercial use
http://www.componentfactory.com/downloads.php
