There were a couple Microsoft developer events last week in Cincinnati beginning with the MSDN event Tuesday. Unfortunately, Bill Steele was not able to make it. I hope we'll see him at the next one. This MSDN event was not representative of the quality I've come to expect. Many of the demos failed (one or two is no big deal, but when many of them fail, it's not a good sign.) And in addition, I had to hear about SQL injection one more time. I've come to expect it in a security presentation, but come on, give me something new. We get it. We shouldn't be creating SQL statements by pasting together string segments. Move on already... In addition to the security session, Mike Benkovich presented sessions on IIS7 and the new client application services (which allows winform, WPF, and Ajax to share the ASP.NET membership, profile, and role providers). Unfortunately, he thought he was still on Central time and was running about an hour late at one point in the afternoon and didn't get to give as much attention to the client application services presentation as I was hoping.
Friday morning, Mike Wood presented at the now quarterly DevCares event. He did two sessions with some overlap of the MSDN event on security. The first session was to make us all want to stop using the Internet once and for all by identifying the top security threats we should be considering in our development (and as users of the Internet). The next session identified solutions to many of the identified threats. The DevCares material was much more in depth than what was presented at MSDN and was much more valuable in my estimation, even though I again had to hear about SQL injection. The final session Mike did was on extending Office applications in Visual Studio 2008. He did run a little short on time and skipped a couple demos, but I think we got a flavor of what's possible. Seems like the best thing is that the ability to create add-ins is part of the base VS 2008 professional product, rather than requiring a separate development environment as in the past.
One tool mentioned at both events was the Microsoft Anti-Cross Site Scripting Library (AntiXss), which for some reason has completely slipped under my radar. It's a free download from Microsoft and provides methods to safely encode various items for display in the browser, including HTML, JavaScript, URLs, VBScript and XML. There's an MSDN tutorial describing the library and its usage here.
0 comments: (+add yours?)
Post a Comment