Top announcement of the day: the mini Code Camp in Charlotte on August 20th. Brendon and I are already registered. Keep an eye on Maxim’s blog at www.ipattern.com for more details as they become available.
In other news, we had four companies looking to hire developers, including Magenic and Avanade. This does not include the recruiter who showed up for the first part of the evening.
After a bit of fun with the projectors and laptops, the presentations got underway. Doug Turnure filled in for Marty Mathis (unable to make it) and gave a brief look into how Reflection can expose your innermost private values. Just to review, reflection works by reading the .Net metadata to dynamically discover methods and fields. Doug began the presentation with a simple base class that he used as the object of reflection:
public class Customer
{
public string FirstName;
public string LastName;
private string Secret
public Customer(string firstname, string lastname)
{
FirstName = firstname;
LastName = lastname;
Secret = "SerenityNow";
public void Buy()
{
Console.WriteLine(me.FirstName + " is buying something");
}
private void SecretBuy()
{
Console.WriteLine(me.FirstName + " is secretly buying something");
}
}
}
Then we took a tour through reflection with the following code (I’m not bothering to write everything out)
using System.Reflection
Customer c = new Customer("Doug", "Turnure");
Type t = c.GetType();
foreach(MethodInfo mi in t.GetMethods())
{
// write out all the public method names
Console.WriteLine(mi.Name);
// invoke the Buy method
if(mi.Name = "Buy")
mi.Invoke(c, null);
}
// use the binding flags to specify which types of methods and fields to reflect on
BindingFlags bf = BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Static | BindingFlags.Instance | BindingFlags.FlattenHeirarchy
// show all methods
foreach(MethodInfo mi in t.GetMethods(bf))
{
// write out all the method names
Console.WriteLine(mi.Name);
// invoke the private SecretBuy method
if(mi.Name = "SecretBuy")
mi.Invoke(c, null);
}
// this can be done to fields as well - even allowing changes to fields
foreach(FieldInfo fi in t.GetMethods(bf))
{
// write out all the field names
Console.WriteLine(fi.Name);
// change the value of the private field Password
if(fi.Name = "Password")
fi.SetValue(c, "New Password"); //this will also overwrite readonly data
}
The reason this scary stuff works is because the runtime needs to know about your code, so everything is exposed. The only way to prevent someone from hacking your assembly is not to give it to them. Use web services. Or partially trusted permissions.
Doug finished his presentation and received polite applause as most people in the room looked around at each other in shock that their private data wasn’t actually private. Similar to the SPIDynamics presentation on SQL Injection and cross site scripting – there were several panicky looks…
Up next after Don was Steven Tynes from Avanade to present the Enterprise Library. For those who don’t know, Avanade is a joint venture between Accenture and Microsoft. They’re looking for bright people, so if you want a traveling job….
The Enterprise Library is the next logical growth after patterns (atomic solutions to common programming problems) and application blocks (subsystem level guidance for common services). The Enterprise Library helps to make the app blocks more consistent, easier to configure, and work together better than they did previously. Entlib is actually part of the patterns and practices guidance library and is a growth from Avanade’s original Application Connected Architecture for .Net (ACA.Net). The entlib is entirely free and is used as part of the framework for hundreds of software projects. Avanade has actually integrated the Enterprise Library into their new version of ACA.Net and is using it in over 30 clients’ projects.
We listened to Steven talk about the entlib configuration tool and the Data Access block for the majority of the time. There were so many questions from the group that the presentation quickly and frequently wandered away from the core material. Rather than try to cover what actually was said (the continuous questions were so distracting I stopped paying attention), I’m going to paste in a review of the Entlib I wrote several weeks ago when I saw Richard Weeks from Avanade presents the Enterprise Library:
The Enterprise Library wraps several of the PAP application blocks (Data, Config, Crypto, Security, Exception, Logging, etc). The goal of the enterprise library is to simplify the use of these blocks. For example, the extremely slick Configuration tool (add to the Tools menu by customizing the menu) will create all the XML in the App.config file based on a user friendly GUI as opposed to writing the XML on hand. The Database block allows you to connect to a DB, execute a stored proc, and bind the results to a grid in three lines of code. The logging component makes logging so easy it’s almost hard to believe. One line of code – Logger.Write(“text here”) – that’s it! Based on the config, we were logging to two places at the same time with independently configurable levels of detail. The exception component allows “exception policies” to be defined and log, wrapping an exception with another exception, replacing an exception with another, or create your own action. The exception policy tool was really sweet – complete with a list of potential exceptions (reflection, anyone?) you can select from. Dan and I both enjoyed this presentation – it looks like something really useful.
— Matt Ranlett
posted with BlogJet