My friend Ryan^* sent me this comic about SQL Injection today. Here is a link to Wikipedia in case you are not familiar with SQL Injection. Your favorite search engine will also yield many results.

While it makes for a funny comic, SQL Injection is no laughing matter. As Michael Howard stated in Secure Code (2^nd ed.) p.341, "all input is evil until proven otherwise". I hope every developer who reads this will post a copy of this comic in their as a reminder to validate input and that even a serious topic like security can be made fun!

Cheers to a more secure 2008! J

jk

I'm thrilled that .NET 3.5 and VS.NET 2008 shipped late 2007. I decided to install these shiny new toys on my work computer this morning.

In the meantime, all of the WCF services on my local machine (Windows Server 2003 SP2) mysteriously stopped working. After debugging in code, I poked around IIS and noticed the script maps for .svc were missing! No problem, just run "%windir%\microsoft.net\framework\v3.0\windows communication foundation\servicemodereg.exe –i" to reinstall the script maps, right? WRONG! After an IISRESET, the .svc script mapping did not reappear. Of course I could have registered it by hand, but after a little searching on the web, I ran across a posting on MSDN Forums containing a solution.

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2566916&SiteID=1

<blockquote>

In the mean while, to unblock you the workaround would be to:

1.       Run %windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServicemodelReg.exe –s:W3SVC/1/ROOT to configure script maps at IIS://localhost/W3SVC/1/ROOT

2.       Run %windir%\Microsoft.NET\Framework\v3.5\WFServicesReg.exe /c to ensure that any damage done by the above command to .Net 3.5 configuration is fixed

</blockquote>

This fixed the problem for me, and hopefully this pointer will help others out as well!

Cheers

jk