Monthly Archives: May 2008

SQL Server Security Best Practices

Bob wrote me an email as a response to this post. He also directed me to this whitepaper he wrote about SQL Server Security. Interesting read!

Posted in Uncategorized | Leave a comment

OpenID Phishing Demo

Funny and educational: http://idtheft.fun.de/

Posted in IdentityModel | Leave a comment

System Accounts and SQL Server 2005

I recently ran into a strange situation – I was expecting an “access denied” but it didn’t happen (yes – security guys are strange people ;). Here’s the long story: I was writing some test code for LINQ to SQL … Continue reading

Posted in Uncategorized | Leave a comment

Avoid unhandled Exceptions in WCF Error Handlers

The IErrorHandler interface in WCF allows to write some central error handling code that gets invoked whenever an unhandled exception bubbles up from your service. There are two methods to implement: ProvideFault – called on the request thread to turn … Continue reading

Posted in WCF | Leave a comment

How to change validity period of issued certificates in Windows Certificate Services

http://support.microsoft.com/kb/254632  

Posted in Uncategorized | Leave a comment

Two important Security changes in .NET 3.5 SP1

Shawn details the two big security changes in .NET 3.5 SP1 on his blog: Strong Name Bypass Full Trust on the Local Intranet We have discussed both changes internally – and I have mixed feelings about them. I guess the … Continue reading

Posted in Uncategorized | Leave a comment

Improved IisRegMgmt

Thanks to CarlosAg from the IIS team, I was able to improve my tool for registering IIS 7 management modules. IisRegMgmt01.zip

Posted in Uncategorized | Leave a comment