DevDays Boston (my belated review)

Last month I went to the ASP.NET roadshow (same place as DevDays), which got me excited about ASP.NET development (especially using Whidbey) and gave me a wake-up call about security. DevDays (to me) was the next episode in the ASP.NET and security awareness lesson that so many of us need. Since the majority of my development is for an intranet site, I don’t always follow web application security best practices (I think it was Duane or Pat that said security adds cost).

The opening keynote was put on by Carl Franklin and Pat Hynds. Thankfully they didn’t have us do the "developer wave", which apparently is the same thing as "the wave" at a ball game, but you don’t have to stand up. They brought up Thom Robbins to talk about InfoPath. Now I have an idea of what it is, but I'm still not sure where I would want to use it yet. Duane Laflotte showed us BizTalk 2004, another interesting product which might be useful for me down the line (but not right now). Carl talked about SQL Server Reporting Services – which I really like. I have been playing with the beta 2 for a few months now, but haven’t really put together too many fancy reports. Julia Lerman gave us the lowdown on the Kool-Aid drinking that was going on at the PDC (Longhorn flavored maybe?).

I skipped out on the closing keynote, but I’m sure it was just as informative as the opening. All the speakers were great and the presentations were packed with useful stuff. I got a lot of code that I will actually use.

The first time I read about XSS (cross-site scripting) and SQL injection, I didn’t fully realize the issue. I completely understood that a hacker (by using one of these methods) could run JavaScript in your web page and that a hacker could run SQL in your database if you don’t follow some rules, but I didn’t grasp some of the things you can do with JavaScript and SQL. For example, with SQL: if it is a SQL Server and for some dumb reason you are concatenating strings to build your SQL and then just passing it to the database with a connection using a high-level security login (say sysadmin), think about what a hacker could do with xp_cmdshell. They can run just about any program on your server they want! For some reason, maybe it was the combination of studying for the SQL Server exam and DevDays, that revelation made me REALLY STOP AND THINK. The OpenHack source code on the DVD was the second thing I installed (the first was Whidbey).

One thing you should check out -> DPAPI

Well worth the $75 and a PTO day!

PS. Microsoft event planners -> next time you have an event at the Copley Marriott, can you please, please, please get some better chairs? I’m a developer…my posture is not good, I put my feet on things and I sit all day in a big stuffed office chair, so it is hard for me to sit in those dining hall chairs for more than 20 minutes in a row.

posted on Friday, March 19, 2004 3:05 PM

Feedback

# re: DevDays Boston (my belated review)

DevDays Seattle impressions.
http://www.lazycoder.com/article.php?story=20040320174043761
3/21/2004 9:02 AM | Scott
