April 2008 Entries


Sacrifice

So a few of the passionate conversations here at the MVP summit have been around sacrificing testing when a deadline looms. Apparently this is a common practice amongst MVPs, which surprised a lot of us. D'arcy, Rod, and I were talking about this at lunch, so I thought I would add our thoughts to the mix. There are a few things you can do when under a looming deadline: Add Resources. By adding resources to a project you can get more...

WCF Message Streaming

In my previous post, WCF And Large Messages, I mentioned there was a better way to send large data. As I have been getting a lot of traffic on this topic, here is the improved methodology: One of the really sweet features of WCF is that it allows the streaming of messages between client and server. By default messages are buffered and sent only once they are completely built. While buffering works well for small messages, once you start sending large amounts of data (in my case a 50-70Mb file) streaming really pays off. For my case sending data as a large message...

Loading MS SQL Database With CSV Data

I recently had to load a lot of comma-separated data into a table and never knew how easy it was to load CSV data with T-SQL. Here is the T-SQL (note that the WITH clause takes no trailing comma after its last option):

    BULK INSERT Address
    FROM 'c:\address.csv'
    WITH
    (
        FIELDTERMINATOR = ',',
        ROWTERMINATOR = '\n',
        FIRSTROW = 2
    )

So handy to have this feature. Simply just point the FROM...

Advanced Salt/Hash Generation Techniques

Hopefully I have driven home the fact that salts are an important part of keeping a hash secure. We have generated them using the cryptographically strong random number generator RNGCryptoServiceProvider. Now, just because we applied a salt does not mean that our hash is rock solid. The hash and salt usually sit next to each other in the database/file they are stored in, like so: UserId UserName Hash ...

Attacking Hashed Passwords

The best way to defend yourself is to know how to attack yourself, so here are some of the scenarios a password system may be attacked with. Brute forcing the application: here an attacker is attacking the website/WinForms application by throwing a dictionary or random strings at it. In this case the application still loads the salt from the database and does all the work to verify the password, so salting is transparent to the attacker and has zero influence on this type of attack. The best mitigation techniques are account lockout policies (3 failed logins and the account gets locked),...

MVP in Security

Although the timing is funny, this is not an April Fools' joke. I was awarded an MVP award for Security today. Another local, Tom, also got an MVP for C#.