<2006 February>
SunMonTueWedThuFriSat
2930311234
567891011
12131415161718
19202122232425
2627281234
567891011

On this page...

Search

Links

Member of...


ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories

Microsoft

Blogroll

Deutsche Resourcen

Management

Sign In
 

#  Wednesday, 01 February 2006

Guess why I requested to change the password - because PayPal wouldn't let me login with my perfectly valid - and correctly typed - password. And now, when I finally gave in and am in the process of changing the password, it finally remembers that the very same password is currently active. Selective amnesia I suppose.

Categories: this
Wednesday, 01 February 2006 18:08:35 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 

THE security scanner has been made available in version 4.0. Nmap is a tool you should not miss out on when you are in need of scanning networks and hosts.

Categories: Cool Download | Security
Wednesday, 01 February 2006 08:48:16 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Thursday, 26 January 2006

All I wanted to do was post this screenshot to a DasBlog-powered blog:

So as usual, I went to Add Image / Browse... and end up in my user account folder with no useable subfolders thanks to the new restrictions. I fiddled for almost 15 minutes until I gave up - and copied the image to my XP box!

Note to self: next time, install Firefox right away.

Categories: this
Thursday, 26 January 2006 14:14:59 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 

Today, I got this message when I tried to access Microsoft Update on my Windows Server 2003 box. It told me that it either didn't find the control, or that it wasn't installed - and that I should look out for that yellowish bar advertising an ActiveX install attempt. Well...

After some hair pulling, Stephan pointed me to the article ActiveX controls may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688. The downloadable olereg.vbs did the trick - WU is now back in business.

Categories: Administration
Thursday, 26 January 2006 11:35:16 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 

The culprit: http://transfers.one.microsoft.com/ftm/

The error message:

---------------------------
Program Cannot Start or Run
---------------------------
The program or feature "\??\C:\DOCUME~1\CHRIST~1\LOCALS~1\TEMP\~EXB0000\setup.exe"
cannot start or run due to incompatibility with 64-bit versions of Windows. Please
contact the software vendor to ask if a 64-bit Windows compatible version
is available.

It's "only" the FTM that I need for Connect and MSDN Premium downloads! Dear Microsoft, how about a working version for us Windows x64 guinea pigs?

Note: I am complaining about the standalone install, not the ActiveX. But who's using IE these days?

Categories: this | x64
Thursday, 26 January 2006 10:51:06 (W. Europe Standard Time, UTC+01:00)  #    Comments [1]

 



#  Monday, 23 January 2006

When I installed the QuickTime security fix (v7.0.4 for the records) on my laptop, I finally found out who caused this event log entry on my x64 box:

I didn't pay attention to the files copied when installing on my x64 box, but this incompatible GEARAspi driver is being installed by iTunes (which I still don't get why it is installed when I need QuickTime, but isn't this the kind of "packaging" that got Microsoft into hot water?).

Categories: x64
Monday, 23 January 2006 08:01:52 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Wednesday, 18 January 2006

Yesterday, I picked up on an old code piece of mine - sending images to the client via an HttpHandler. Why in the world would you implement that with a handler when there is http.sys kernel mode caching? Well, I had a few unique constraints:

  • the images had to live outside the Web root and any of its vroots
  • the image names had to be concealed because the naming would give away information, and renaming the images prior to publishing on the Web was out of the question

Now, a common approach to sending images from a certain directory (leaving requirement #2 by the wayside for the moment) would be this:

image.aspx?image=iamthebest.jpg

So what is wrong with this approach? First and foremost using an ASP.NET page. The page lifecycle is a drain on performance and throughput, because you simply don't need it. That sorts out why I chose to go with an HTTP handler.

Secondly, somebody could DOS your server. You heard me right. For the background, check the article Trap Alert: Files that aren't. A .NET version (managed C++) of this checker can be found in this download (the article Dateityp-Ermittlung in Managed C++ is only available in German).

How do you get around this issue? Well, how about reading the directory up front, and instead of having the filename in the URL, send the hash! When the image is requested, take the hash and look up the corresponding file, presto. In addition you get one security feature for free: no directory traversals can be hidden in your code.

When I uncovered the code yesterday, I decided to rewrite it for more general use. So what do you get?

  • The ImageCacheControls project: it contains the ImageCache class, which does most of the heavy lifting. In addition, you get an ImageCacheControl server control, as well as the implementation of the HTTP handler. (Don't forget to check out the Readme.txt for the latest on feature set and known issues)
  • The Web project: a rather simple Web site with demo files in it. The file I want to direct your attention to is Image.ashx. This is the one file - aside from the control project binaries - that needs to be copied to your projects to get started with ImageCache. Note that I made it easy to work with C# (default) or VB.NET.

Usage of ImageCache is demonstrated in default.aspx.cs plus the source code of default.aspx (design time of the control does not work, known issue).

The code behind looks like this (CreateMapping loads the directory contents, initializes the hash to file name map, stores it into the cache):

using ChrisOnNET.ImageCache;

public partial class _Default : System.Web.UI.Page
{
   protected void Page_Load(object sender, EventArgs e)
   {
      // normally, this would be done in global.asax
      ImageCache.CreateMapping("demo", Server.MapPath("~/TestImages/"));

      // the DIY approach to rendering the image tag
      string testHash = ImageCache.GetHashForFile("026.jpg", "demo");
      Response.Write("<image src=\"Image.ashx?bucket=" +
         "demo" +
         "&image=" +
         Server.UrlEncode(testHash) +
         "\" />");

      // the elegant approach to rendering the image tag
      Response.Write("<image src=\"" + ImageCache.GenerateUrl("036.jpg", "demo") +
      "\" />");

      // see HTML source for server control approach (Design time not working, known issue)
   }
}

Rendering Image tags in Page_Load isn't nice, but after all it is only intended to show the functionality. Most likely you are going to use the declarative ImageCacheControl anyways:

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Register Assembly="ImageCacheControls" Namespace="ChrisOnNET.ImageCache" TagPrefix="cc1" %>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <br />Using the ImageCacheControl:&nbsp;
        <cc1:ImageCacheControl ID="ImageCacheControl1"
            Bucket="demo"
            FileName="026.jpg"
            runat="server" />
    </div>
    </form>
</body>
</html>

That's basically it. Let me know what you think.

ImageCacheTakeOne.zip (59.55 KB)

Categories: .NET | 2 Ohhhh | ASP.NET | Use the source Luke
Wednesday, 18 January 2006 11:21:05 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Monday, 16 January 2006

From the download page: The IIS Diagnostics Toolkit is a combined release of popular tools used by today's IIS users. These tools include tools aimed at resolving problems related to Secure Socket Layer (SSL) issues, permission or security problems, gathering data for your SMTP server included with IIS, as well as the famous Log Parser utility used to sift through hundreds or thousands of log files very quickly.

The toolkit consolidates all the tools into a convienant download and is supplemented by updates every 90-days to ensure that users have the most current diagnostics tools at their fingertips.

Works with IIS 4 thru 6, and is available for x86 and x64.

Categories: Cool Download | IIS
Monday, 16 January 2006 08:40:53 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Sunday, 15 January 2006

Three months ago, I installed the NoSpamToday! SMTP Proxy on my dedicated server box (you can read about the adventures encountered in my blog entry Web applications and SMTP proxies don't mix well). Today I had a look at the statistics:

On average, the proxy rejects four out of five mails before they reach the mail server - for reasons ranging from malformed headers, banned file extensions, virus-contaminated attachments, and a SpamAssassin-based spam detection. Needless to say that my inbox is virtually spam-free since then. Neato.

Categories: Administration | this
Sunday, 15 January 2006 14:14:55 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Saturday, 14 January 2006

New runtime components are available which are compatible with the release versions of .NET Framework 2.0, Visual Studio 2005, as well as Office "12" Beta 1 (which I don't have anyways).

Categories: .NET | 2 Ohhhh | Cool Download | Visual Studio
Saturday, 14 January 2006 10:31:23 (W. Europe Standard Time, UTC+01:00)  #    Comments [3]

 



© Copyright 2017 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

 
Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.