Monday, June 20, 2005

Securing client-side content: Flash files

I came across this little pickle about security and Flash files. Basically, since Flash is a wide-open standard, anyone can easily grab your SWF file and decompile it. Obfuscation works a little bit here, but a determined little bastard could eventually modify your source.

Of course someone could also just run your flash movie from their own server.

I came up with this little security table of suggested guidelines for protecting our Flash component.

Flash Security

| Threat | Suggested response |
| --- | --- |
| File could be stolen and hosted on another server | Come up with a dynamic encrypted key system. Malicious users would have to know the scheme to get the file to unlock. This is not 100%. |
| File could be hotlinked from another server | The Flash file will only allow paths from the same domain where the SWF resides. This will ensure that no one will be able to hijack our SWF and load their own XML file. |
| File could be decompiled | Obfuscate the code |
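
The same-domain rule from the table, written out as an added example (not code from the original post, and in JavaScript rather than ActionScript). The function name `isSameOriginPath` and every URL below are hypothetical and constructed for illustration.

```javascript
// Added example: decide whether a data path (e.g. the XML file) may be loaded,
// given the URL the movie itself was served from.
function isSameOriginPath(candidate, movieUrl) {
  if (typeof candidate !== 'string' || candidate.length === 0) return false;
  // Control characters, spaces and backslashes are normalised differently by
  // different URL parsers, so refuse them instead of guessing.
  if (/[\u0000-\u0020\\]/.test(candidate)) return false;
  let base, target;
  try {
    base = new URL(movieUrl);
    target = new URL(candidate, base); // relative paths resolve against the movie
  } catch (e) {
    return false; // unparseable input is never trusted
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return false;
  // Reject embedded credentials: "host@otherhost" only looks like the first host.
  if (target.username !== '' || target.password !== '') return false;
  // Compare the whole origin (scheme + host + port); never a substring or suffix.
  return target.origin === base.origin;
}

// Constructed sample inputs: [candidate path, expected decision].
const MOVIE = 'https://www.example.com/app/player.swf';
const SAMPLES = [
  ['data/config.xml', true],                          // relative path
  ['/feeds/items.xml', true],                         // root-relative path
  ['https://www.example.com:443/x.xml', true],        // default port, same origin
  ['http://www.example.com/x.xml', false],            // scheme differs
  ['https://www.example.com:8443/x.xml', false],      // port differs
  ['//other.example/x.xml', false],                   // scheme-relative, other host
  ['https://www.example.com.other.example/x.xml', false], // lookalike prefix
  ['https://www.example.com@other.example/x.xml', false], // userinfo lookalike
  ['javascript:void(0)', false],                      // non-HTTP scheme
];

function checkSamples() {
  return SAMPLES.map(([path, expected]) => ({
    path,
    allowed: isSameOriginPath(path, MOVIE),
    expected,
  }));
}

for (const r of checkSamples()) {
  console.log(r.allowed ? 'allow ' : 'reject', r.path);
}
```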


What worries me is that none of these are 100% safeguards. They will deter the average evil-doer, but anyone smart & determined enough could steal our file and modify it.

Does anyone have any suggestions on improving what I have above?
Friday, June 17, 2005

HDNUG

I attended my first Houston Dot Net User Group meeting last night. It was a lot larger than I originally thought. Judging by their crappy website I would have never thought that they have been around for 3 years. I estimated about 120 people attended the meeting, which they said was their largest turn-out ever.

Anyway, I enjoyed the presentation on Enterprise Library, but more enjoyed talking to my old buddy Moe Al-Kazzaz! I haven't seen him since he graduated from UH last year.

I also heard that Venkat is going to be speaking at HDNUG in August. Save me a seat for that talk!
Tuesday, June 14, 2005

DevCon 2005 afterthoughts

Man, what a day! I had a blast at this conference. I really got something from every session, which was a lot more than I was expecting... especially after reading some of Jason Olson's comments about TechEd. Anyway, I especially enjoyed the talks by Michael Stuart and Venkat Subramaniam on the new Visual Studio 2005 testing integration. My favorite features of Visual Studio 2005 are too many to list here, but mainly I think that Team Foundation Server is a huge step in the right direction. Microsoft is really paying attention to the community and providing what the developers really want (or already use)... but much tighter integration with the IDE. This was a recurring theme throughout the day... that you can do all of these things without leaving Visual Studio. I did think that the free books were a little lame... I mean 90% of the people that were present would not need an "Introduction to..." anything. They are obviously past that point. But I guess I shouldn't expect much for an entry price of $99. The books they handed out were:
  • Introducing Visual Basic 2005 for Developers
  • Introducing SQL 2005
  • Introducing ASP.NET 2.0
Oh well, at roughly 200 pages each it shouldn't take long to breeze through them, and I might stumble on a gem or 2 :). The ASP.NET one is written by Dino Esposito, so I will crack it open; I enjoyed his 1.1 version.
Thursday, June 09, 2005

Visual Studio DevCon 2005 - Houston

I'll be there! Look for me in the Team Systems track...
Monday, June 06, 2005

Reformats are fun -- cool utilities

Today I reformatted my computer at work. It REALLY needed a fix, it was running so slow!

Anyway, I got 90% of the things I need installed in 1 day, which is pretty good. Now I'm wondering: I want to make a backup image of this install... should I use Norton Ghost or Acronis True Image?


The first thing I like to do is customize the UI a bit... to do that I first patch uxtheme, then I download a nice visual style & background.

So far I am liking Milk, Simple Plan, and of course Water Color. I also found a good milk-look-alike called Kuantum that has extras for the Yz dock. Yz dock is a mac-cloned taskbar that auto-magnifies when your mouse rolls over it. I like this thing, and it goes great with TopDesk.

Anyway, here's a screenshot of the style in action:




YZ Dock looks like this:
Saturday, May 28, 2005

My first article published!

Read my first published article here at CodeProject. I developed a ControlInjector for applying a String.Format() pattern to server controls, mixing html literal content and private controls.

The benefit is similar to the benefit of String.Format(), where you separate the string itself, and the variables to insert.

Let me know what you think of it!
Monday, May 23, 2005

Server controls vs. User Controls

I ran across an interesting problem today, and I'm surprised that I have never read anything online or in ASP.NET books on the topic.

Basically I created a Wizard Control that will facilitate the common UI task of separating a long task into steps. The idea of a Wizard with Next/Previous buttons has been a foundation of windows applications since the beginning. Providing a similar interface for the web can help a lot.

The control provides a table that looks like this:

Header
Step 1 of 5
Content goes here...

So I have the control developed, all is well, and the HTML looks all nice and neat like this:


<cc1:Wizard id="wizard1" runat="server" HeaderText="New User">
<cc1:WizardStep id="step1" runat="server" ValidationGroup="step1Group">
I am inside step 1!!!
</cc1:WizardStep>
</cc1:Wizard>



Now what if I wanted to encapsulate some of the controls in step1 into its own user control? Sounds like it would tidy things up a bit. So I did this, and everything was okay. Until I wanted to make each ascx file in charge of validating and saving itself...

So I decided instead to derive from FoundationWizardStep in the ascx code-behind. This way I could provide a couple of public properties and a method for validating and saving the form fields. This gives you an error though, because you cannot make a user control (one with an ascx file) derive from System.Web.UI.Control. Instead it must derive from System.Web.UI.UserControl. What's the difference, you ask? Well, I suppose it takes some extra steps in rendering to allow for rich designer support, but aside from that? Not much.

Now if I make FoundationWizardStep in turn derive from UserControl, I get even more weird behavior. I get a run-time exception in the html that the FoundationWizard doesn't have a child property of type FoundationWizardStep...

Now I have resolved the problem by eliminating the ascx control and making it a complete server control (class only). Anyone have ideas as to why this happened?
Thursday, May 19, 2005

Forza Motorsport

My new fix is Forza Motorsport for XBox. I am really getting into it. I particularly like how you can search for cars that match certain criteria; searching is a feature that is common to most applications (be it web, windows, whatever) but not so much in games... I'd like to see more of this.

Also, I REALLY like the fact that they licensed Porsche and Ferrari, these were missing from Gran Turismo 3 and it was disappointing (yes, I know that RUF's cars are really Porsches, but still)

I haven't yet played GT4 and was wondering how it stacks up against Forza.... I have a PS2, so I might pick it up if it's better than Forza.