Tuesday, April 26, 2005

IIS WebCast Series Website

This http://www.iiswebcastseries.com link is awful one, for all potential people involved in IIS 6.0. It is a mixture of all previous web-casts, future webcasts on IIS 6.0. I found it pretty cool to delve into details of IIS 6.0 server, and configuration issues.

You can mail iiswcast@microsoft.com for further queries and comments.

Get deeper into IIS 6.0, and happy programming !!!

Monday, April 18, 2005

SecureString in Whidbey 2005

Enter Password: ********** .What if the password you’ve kept alive till the transaction is not garbage collected?
Enter Credit Card Number: 54XX-XXXX-XXX-XXXX. Are you sure enough that, your own encrypting algorithm will clean up memory, after the credit card info is validated?
Enter your SSN Number; Enter your Account Number, the list seems unending.

Assigning sensitive data to string is more common development strategy. String class in .NET flexible and is immutable. Immutable in the sense, once the instance of string variable is created, it is read-only, and it is not possible to predict when that instance is garbage collected. Having no control over finalization, makes us to think twice while assigning a password to string variable.

There is a new class available in .NET 2005, “SecureString”. In this entry, I will evaluate some of the features of securing your secure info, leveraging new SecureString class.

A SecureString object is same as String object. Both can hold text values. SecureString is available in System.Security name space. SecureString represents that the text should be encrypted. It represents text that should be kept confidential and is encrypted for privacy when being used, and deleted from computer memory when no longer needed. That is, it guarantees that data should be deleted from computer memory, after use. (No more waiting till GC cleans!!!). That is SecureString has deterministic destruction(will have its destruction well defined) after usage. SecureString can encrypt/decrypt data on its own, and uses windows well defined and proven encryption/decryption methods. When we assign a password to secure string, the data is encrypted, and when we retrieve, it is decrypted. The value of an SecureString instance is automatically encrypted when the instance is initialized or modified.
The value of an instance of SecureString is automatically encrypted when the instance is initialized or when the value is modified. Your code can render the instance immutable and prevent further modification by invoking the MakeReadOnly method.
SecureString has no members that inspect, compare, or convert the value of a SecureString. The absence of such members helps protect the value of the instance from accidental or malicious exposure.

Monday, April 11, 2005

DevCon2005 @ MUGH

Finally,

Thanks a zillion to all for making DevCon 2005 a grand sucess. It was really great experience in planning, organizing and conducting such a great event. There was tremendous technology flowing every where at DevCon 2005, and wide audience were just in high spirits !!!

DevCon 2005 had attendees from Infosys, Satyam, Virtusa, Wipro, TCS, Infotech and Keane. It is thrilling to have such high profile audience in any event.

There are couple of suggestions for MUGH, and wait more to see them implemented.