Let's rokk! [Tudor Cret's blog]

August 24, 2011

Securing NopCommerce stores

Filed under: Uncategorized — Tudor Cret @ 9:29 am

Why are NopCommerce-based online stores secure? I’ve pointed out some arguments below:

  • NopCommerce uses the Forms Authentication provider and the ASP.NET membership provider with ASP.NET login controls (together they provide a way to collect user credentials, authenticate them and manage them using little or no code)
  • Database Access is secure – no dynamic SQL statements are used. All queries are parameterized, either manually or by Entity Framework.
  • Error Messages are safe – the application doesn’t show detailed errors to users (achievable by configuring the customErrors section properly in web.config)
  • Sensitive Information is kept safely – passwords and encryption keys are encrypted in the database using MD5, SSL is turned on, and NopCommerce stores only the last 4 digits of the credit card and masks it
  • Guard Against Denial-of-Service Threats – file uploads are limited (4096 KB). You can use the httpRuntime section in web.config to set this limit.
  • Guard Against SQL Statement Exploits – the application uses parameterized SQL statements for data access
  • Guard Against Scripting Exploits – ASP.NET performs request validation against query-string and form variables as well as cookie values. By default, if the current Request contains HTML-encoded elements or certain HTML characters (such as &#151; for an em dash), the ASP.NET page framework raises an error.
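
A quick way to check a deployed store against the web.config settings named in the list above (customErrors, the httpRuntime upload limit, request validation, Forms authentication). This is an added example, not NopCommerce code: both sample configs are constructed, and the requireSSL check on the forms element is an assumption about what "SSL is turned on" should mean for the auth cookie.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config with deliberately weak values (not from NopCommerce).
WEAK_CONFIG = """<configuration>
  <system.web>
    <customErrors mode="Off" />
    <httpRuntime maxRequestLength="102400" />
    <pages validateRequest="false" />
    <authentication mode="Forms">
      <forms loginUrl="~/login" requireSSL="false" />
    </authentication>
  </system.web>
</configuration>"""

# The same constructed file with the settings the post describes.
HARDENED_CONFIG = (WEAK_CONFIG
    .replace('mode="Off"', 'mode="RemoteOnly"')
    .replace('"102400"', '"4096"')
    .replace('validateRequest="false"', 'validateRequest="true"')
    .replace('requireSSL="false"', 'requireSSL="true"'))

UPLOAD_LIMIT_KB = 4096  # limit quoted in the post; also the ASP.NET default

def attr(web, path, name, default):
    """Return an attribute from system.web, or the ASP.NET default if absent."""
    node = web.find(path)
    return default if node is None else node.get(name, default)

def audit_web_config(xml_text):
    """Return a list of findings for the settings discussed in the post."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no system.web section found"]
    findings = []
    if attr(web, "customErrors", "mode", "RemoteOnly").lower() == "off":
        findings.append("customErrors mode=Off: detailed errors shown to users")
    limit = int(attr(web, "httpRuntime", "maxRequestLength", str(UPLOAD_LIMIT_KB)))
    if limit > UPLOAD_LIMIT_KB:
        findings.append(f"httpRuntime maxRequestLength={limit} KB exceeds {UPLOAD_LIMIT_KB} KB")
    if attr(web, "pages", "validateRequest", "true").lower() == "false":
        findings.append("pages validateRequest=false: request validation disabled")
    if attr(web, "authentication", "mode", "Windows") != "Forms":
        findings.append("authentication mode is not Forms")
    elif attr(web, "authentication/forms", "requireSSL", "false").lower() != "true":
        findings.append("forms requireSSL is not true: auth cookie may travel over HTTP")
    return findings

if __name__ == "__main__":
    print(audit_web_config(WEAK_CONFIG), audit_web_config(HARDENED_CONFIG))
```

Settings that are absent fall back to the ASP.NET defaults, so a missing customErrors or httpRuntime element is not reported, while a missing forms requireSSL attribute is.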

March 27, 2011

Windows Azure @ExperienceWorks(“v.1.0”)–Day 2

Filed under: Uncategorized — Tudor Cret @ 12:32 pm

 

ExperienceWorks is a partnership program initiated by MSP from Technical University of Cluj-Napoca and the local IT companies: BitStar, IQuest, ForTech and Evozon. The scope of the program is to link students, companies and academics using the common element – Microsoft technologies. This is the first edition – v.1.0.

I want to thank all participants. It was a nice experience to share Windows Azure with you. I’ll be waiting until April 10 for your email with the members of the team and the project you intend to do. You’ll have to finish it by May 1-14, when I suppose you are going to deliver it to the faculty too. Also don’t forget that we have the Windows Azure licenses – and no credit card or payment is required. As usual I’ve made a summary of day 2. Just look below:

April 2, Windows Azure Day 2 summary:

We’ve dedicated the entire day to the “Hands-on lab”. We’ve also discussed cloud computing patterns, scenarios and applications you can build using Windows Azure for your academic assessment and for ExperienceWorks too. Topics we’ve covered:

  • Azure storage: tables, blobs and queues
    • We’ve built and run <WATKroot>\Labs\ExploringWindowsAzureStorageVS2010
  • SQL Azure
  • Cloud Computing Patterns & Practices
    • I’ve tried to share with you some ideas, scenarios and areas that would give you a starting point for your project. Some of them are:
      • audio/video content processing
      • SaaS solutions like ticketing platforms or ERPs
      • Data backup & restore
      • Social media and online marketing
      • Other domains where fast growth represents a major requirement

Day 1 materials available here.

March 25, 2011

Experience Works

Filed under: Uncategorized — Tudor Cret @ 1:14 pm


What is “ExperienceWorks”?

It’s a partnership program initiated by MSP from Technical University of Cluj-Napoca and the local IT companies: BitStar, IQuest, ForTech and Evozon. The scope of the program is to link students, companies and academics using the common element – Microsoft technologies. This is the first edition – v.1.0.

Between March 26 and May 14, each Saturday a trainer will hold a lab on a particular technology. For this year we’ll have: Windows Azure, ASP MVC, WP7 and Silverlight. More details about the event here. So, I’ll dedicate the next two Saturdays to sharing my work experience with Windows Azure.

The complete agenda for the Windows Azure lab is:

Day 1 – March 26

  • Intro to Cloud Computing and Azure
  • Windows Azure Roles
  • SQL Azure
  • Diagnostics and Service Management
  • Solution deployment

Day 2 – April 2

  • Storage basics
  • Queues
  • Using Azure Tables
  • Using BLOB Storage
  • AppFabric
  • Cloud Computing Patterns & Scenarios

Full event description available here.

 

May 25, 2010

Why I hate Apple!

Filed under: Uncategorized — Tudor Cret @ 3:52 pm

These days and weeks I happen to need some information about the capabilities of running a web app on iPhone. Actually I need to find out how I can capture video and audio from the iPhone’s camera and mic from a web app, if I can. The final purpose is to send the captured a/v stream to a streaming server. For that I need to somehow encode the captured bytes.

I started to google, but with no results. I thought QuickTime was the solution. No resources found. In the end I called developer support in the UK and told them my problem. Now their answer: “Yes it’s possible, if you need to find out how please enroll in the program dedicated to developers”. That means $99/year. I’m not an Apple developer, I just want to build my app to run on iPhone.

Posts on dev forums at Apple? Maybe if I pay Apple. On stackoverflow.com? Of course. No one had an answer. Moreover, no simulators are available for iPhone on Windows. Buy one? No way. I’m waiting for Windows Phone 7.

Conclusion: If you need something from Apple, first of all please sell your house, car, kids and wife and then come back to Apple. Why can Apple do this? They have no competitors. Android is too weak, Microsoft’s Windows Phone 7 is in the MS labs, Nokia & the rest sell just phones. Apple I hate you!
