qp

My web development blog

Where I sometimes also write about other stuff.


Sundry matters -- chill, .NET problems

Not much in my update today, since I'm still chilling after my exam period. But I wanted to talk about something I've been thinking about.

For some time now, i.e. since I started working professionally with .NET, I've had this nagging feeling that there is something wrong with it. Certainly, .NET is a good framework -- or at least not too bad, otherwise it wouldn't be as widely used as it is.

Off the top of my head, below are two of my personal issues with .NET:

First, it has too many options, which can of course be seen as a strength. To me though, it feels like the framework suffers from featuritis, which I understand is even worse in the case of Java. This is the strength of frameworks like Rails and Django which, while they may not be as flexible, simplify development a whole lot due to being "opinionated" frameworks with one recommended workflow.

Second, the .NET developer community largely feels resistant to considering things outside Microsoft's suggested "best practices". I realise this contradicts my point above so I shall elaborate. (1) Microsoft suggests certain best practices from the perspective of being a software company with fairly large development projects. Clearly, this isn't the case for every developer out there, and each project needs to be given some individual consideration. (2) The .NET best practices do not seem to stem from the basis of simplifying development, at least from the way I see it. (3) Following recommendations might be all well and good, if it is the case that one is able to defend them. I have not met anybody who can make a convincing argument that Microsoft's best practices are always, or even usually, the best, yet there are those who would follow them for every scenario.

I understand these opinions come from my admittedly limited experience and knowledge of .NET, so perhaps I should do more reading on it when I do get the time.
Permalink | Posted 12:00AM 28-5-2012 by Quentin.

Sundry matters -- Exam prep

Busy studying. No content update today.
Permalink | Posted 11:15PM 13-5-2012 by Quentin.

Sundry matters -- plans for Somewhy, new .NET project

I'll be pretty busy these coming weeks with preparation for school exams and adjusting to my new job, so updates might be shorter with less content during this period.

Here's basically a list of items I'm planning to do sometime soon:
- search engine optimisation/marketing for Somewhy
- a new project in .NET and possibly working with Azure to evaluate it. I've been interested in trying that out for a while.

Will update on the above as I get more work done.
Permalink | Posted 1:27PM 29-4-2012 by Quentin.

Site matters -- looking at the access logs

There was a string of interesting entries that I saw when I was checking this site's access log last week. Said entries of interest were in the following form:

...
[13/Apr/2012:10:03:30 +0000] "GET /blog.php?dispPage=2+AND+1=2+UNION+ALL+SELECT+0x346e64337273306e31346e64337273336e-- HTTP/1.0" 200 12613 "-" "Mozilla/5.0"
[13/Apr/2012:10:03:31 +0000] "GET /blog.php?dispPage=2+AND+1=2+UNION+ALL+SELECT+0x346e64337273306e31346e64337273336e,0x346e64337273306e32346e64337273336e-- HTTP/1.0" 200 12650 "-" "Mozilla/5.0"
... (and many more with an increasing number of values added after SELECT)

If you know your web security basics, you will know that this is basically an attempt to test for vulnerability to SQL injection; if you don't, erm, well, it's an attempt to test for SQL injection. The Wikipedia article on it is pretty informative.

What it does is -- and this is a very simplified explanation -- it makes the values given after the SELECT appear on the webpage if it is vulnerable to SQL injection. In my case, the values did show, but probably not where you'd expect.

You see, I do protect my database access from SQL injection, but I display the page number directly from the URL query string. Therefore, the bottom of my blog page will display something like "Page 2 AND 1=2 UNION ALL SELECT 0x346e64337273306e31346e64337273336e-- of 4", which is pretty weird looking, though decidedly harmless. Still, I wonder if the appearance of the values on the page will register as a false positive on vulnerability to whoever is doing the attacking. Either way, I have changed my code to do some formatting to the page number before displaying.
Permalink | Posted 12:26AM 20-4-2012 by Quentin.
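
A triage sketch for entries like the two quoted in the post above, added here as an example and not the blog author's code: it pulls UNION SELECT probes out of access-log lines, counts the columns tried, decodes the hex markers, and checks whether the response grew by exactly the extra payload length (a sign the raw value is echoed into the page). The function names and the log-line regex are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The two entries quoted in the post (the client address was not shown there).
LOG = '''\
[13/Apr/2012:10:03:30 +0000] "GET /blog.php?dispPage=2+AND+1=2+UNION+ALL+SELECT+0x346e64337273306e31346e64337273336e-- HTTP/1.0" 200 12613 "-" "Mozilla/5.0"
[13/Apr/2012:10:03:31 +0000] "GET /blog.php?dispPage=2+AND+1=2+UNION+ALL+SELECT+0x346e64337273306e31346e64337273336e,0x346e64337273306e32346e64337273336e-- HTTP/1.0" 200 12650 "-" "Mozilla/5.0"
'''

ENTRY = re.compile(r'\[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<url>\S+) [^"]*" \d{3} (?P<size>\d+)')
UNION = re.compile(r'\bUNION\s+(?:ALL\s+)?SELECT\s+(?P<cols>.+?)\s*(?:--|#|$)', re.I)
HEXLIT = re.compile(r'0x((?:[0-9a-f]{2})+)', re.I)

def union_probes(log_text):
    """Return one record per logged parameter value that carries a UNION SELECT probe."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        # parse_qs decodes '+' and %xx, so the probe is matched in decoded form.
        for param, values in parse_qs(urlsplit(m['url']).query).items():
            for value in values:
                u = UNION.search(value)
                if not u:
                    continue
                hits.append({
                    'ts': m['ts'], 'param': param, 'value': value, 'size': int(m['size']),
                    'columns': len(u['cols'].split(',')),
                    # Hex literals are the strings the scanner hopes to see rendered.
                    'markers': [bytes.fromhex(h).decode('latin-1')
                                for h in HEXLIT.findall(u['cols'])],
                })
    return hits

def sweep_report(hits):
    """Compare consecutive probes: column-count sweep, and verbatim echo of the input."""
    report = []
    for prev, cur in zip(hits, hits[1:]):
        if prev['param'] != cur['param']:
            continue
        report.append({
            'param': cur['param'],
            'columns': (prev['columns'], cur['columns']),
            'sweep': cur['columns'] == prev['columns'] + 1,
            # Heuristic: growth equal to the extra payload length suggests a raw echo.
            'echoed': cur['size'] - prev['size'] == len(cur['value']) - len(prev['value']),
        })
    return report
```

On the two lines from the post, `sweep_report(union_probes(LOG))` reports a one-to-two column sweep on `dispPage` with the input echoed, which fits the page-number footer described in the post.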

Web dev matters -- home menu app on hold for now

I'm shuffling my schedule a bit and pushing back work on the home menu app for now. I'm also taking back the cock-eating bet I made about completing the app by next week. :D
Permalink | Posted 10:51PM 7-4-2012 by Quentin.
