Protecting Data in .Net

Security is a big issue in computing these days. One way you can protect user's data is by using the DPAPI (Data Protection Application Programming Interface) available on Windows.

The article Managed DPAPI Part I: ProtectedData provides a very good explanation of what this is, so I won't bore you with the details here, but I will provide you with a code sample that you can use. To use this code sample, simply create a C# console application in VS.Net 2005 and paste this into the main file (I believe it will be called Program.cs).

One thing that should be mentioned, this does not protect the data in memory. It can be used to protect data that is written out to disk, but an industrious hacker can get the sensitive information out of memory. Check out Managed DPAPI Part II: ProtectedMemory for more information on protecting data while it is in memory.

using System;
using System.Security.Cryptography; // reference assembly System.Security.dll
using System.Text;

namespace DPAPIExample
{
    class Program
    {
        static void Main(string[] args)
        {
            string test = "hello world";
            string encryptedValue;
            string decryptedValue;

            Console.WriteLine(test);
            encryptedValue = Encrypt(test);
            Console.WriteLine(encryptedValue);
            decryptedValue = Decrypt(encryptedValue);
            Console.WriteLine(decryptedValue);
            Console.ReadKey();
        }

        // This is an article on using the ProtectedData API (a wrapper around DPAPI)
        // http://blogs.msdn.com/shawnfa/archive/2004/05/05/126825.aspx
        private static byte[] sEntropy = System.Text.Encoding.Unicode.GetBytes("put whatever you want here");

        public static string Encrypt(string text)
        {
            Byte[] data = Encoding.Unicode.GetBytes(text);
            Byte[] protectedData = ProtectedData.Protect(data, sEntropy, DataProtectionScope.CurrentUser);
            return Convert.ToBase64String(protectedData);
        }

        public static string Decrypt(string encryptedText)
        {
            Byte[] protectedData = Convert.FromBase64String(encryptedText);
            Byte[] data = ProtectedData.Unprotect(protectedData, sEntropy, DataProtectionScope.CurrentUser);
            string text = Encoding.Unicode.GetString(data);
            return text;
        }
    }
}

IE 7

I've been using Firefox for some time now and I really like it. However, being a technology junky, I felt compelled to install IE 7 as soon as it was released (I tend to avoid betas if at all possible).

IE 7 definitely feels like a modern browser. It has tabbed navigation, redesigned and streamlined toolbars, and a built-in RSS feed reader (though I plan on continuing to use Thunderbird for the RSS feeds I subscribe to). IE 7 also has the ability to add extensions, however, I haven't found any that I want to use (where's the Bork Bork Bork! translator?) and most of them cost money.

Firefox still has some very compelling features (specifically a better selection of extensions), however, I think I will stick with IE 7 for now (at least until Firefox 2 is released :).

Project Vote Smart

If you're planning to vote, you should check out Project Vote Smart. It's a great, non-partisan website that essentially aggregates a lot of information about politics, including voting records.

They also offer a survey that candidates can fill out (voluntary) that helps them define their position on many relevant issues (the survey is called NPAT - National Political Awareness Test). You can find out some very interesting (scary?) stuff about candidates positions.

The one thing I would love to see on the website is more community discussion. It would be interesting to be able to have an open debate about current issues, especially over legislation. We always hear about how important legislation is often hijacked to get unpopular (corrupt?) legislation passed. An open community discussion on this website would quickly show bad legislation for what it is and maybe start finding out some bad legislators.

Personally, I'm not too happy about Donald Young (R) the Alaskan representative and chair of the Transportation and Infrastructure committee.

``I'd be silly if I didn't take advantage of my chairmanship,'' Young said, according to the Anchorage Daily News. ``I think I did a pretty good job.'' Bloomberg, Sept 2nd, 2006

Best Financial Advice Ever!!!

Dilbert's Unified Theory of Everything Financial'

1. Make a will

2 .Pay off your credit cards

3. Get term life insurance if you have a family to support

4. Fund your 401k to the maximum

5. Fund your IRA to the maximum

6. Buy a house if you want to live in a house and can afford it

7. Put six months worth of expenses in a money-market account

8. Take whatever money is left over and invest 70% in a stock index fund and 30% in a bond fund through any discount broker and never touch it until retirement

9. If any of this confuses you, or you have something special going on (retirement, college planning, tax issues), hire a fee-based financial planner, not one who charges a percentage of your portfolio

PowerShell Developer's Conference

I just finished the PowerShell developer's conference and it looks like Microsoft is pretty serious about it. A number of Microsoft teams are developing enterprise products around PowerShell (such as Exchange 2007).

Microsoft is pushing the use of PowerShell snapins to be coupled with MMC 3.0 snapins. Basically they want developers to create PowerShell snapins that provide the functionality to administer an application and then create a MMC 3.0 snapin to provide the GUI environment (this would use the PowerShell API to run the PowerShell snapin).

This approach makes administering an application across the enterprise much simpler. Many I.T. administrators prefer a command-line over a GUI, especially if they can create a script to perform repetitive tasks.

I'm hoping that Microsoft builds PowerShell into Visual Studio. It would be nice to have such a rich command-line hosted within VS, especially if it has full access to the IDE object model (possibly an alternative to some macros). Unfortunately they were unable to give us any news about upcoming uses of PowerShell because the event was being recorded for distribution on the Internet and so it was not considered an "NDA" event.

They did have good swag (second definition:)though. They gave out a PowerShell labeled USB drive and t-shirt as well as a Microsoft System Center scarf and a foam Ch 9 guy.

PowerShell = Command-line + .Net

PowerShell is the future of the command-line for Windows. It's most significant feature is the fact that it is built around .Net and is easily extendable by .Net. In fact, you can use reflection to access any .Net object!

It includes the ability to assign alias's to frequently used commands, define functions, and call a number of pre-defined (and very useful) CmdLets (the equivalent of a command-line utility). It also has it's own scripting language including looping and conditional constructs reminiscent of C#.

Another feature I really like is the ability to navigate to non-filesystem drives, such as the registry. This allows you to navigate the registry the same way you would navigate the file system. You can define your own drives based on the drive providers that come with PowerShell (there are a number of them) or you can create your own provider using .Net.

PowerShell has not been released yet (due Q4 2006), however, you can download RC2.

PowerShell Home Page

Download PowerShell

PowerShell Team Blog

SQL Intellisense, Intellisense for SQL Server - SQL Prompt

This seems to be a very cool tool I've just discovered. It runs in the tray and turns Query Analyzer (I'm not sure about other editors) into a full featured editor! It includes intellisense with auto-complete, snippets, formatting, etc.

It is currently free, but not for long. Once version 3 is released (sounds like sometime this month), they are going to start charging for it.

SQL Intellisense, Intellisense for SQL Server - SQL Prompt