Showing posts from April, 2015

Why Share Access Keys are important in a cloud (Azure) solution

Azure resources and services can be accessed using different mechanisms, from LIVE accounts and/or AD users to access tokens (Shared Access Signatures (SAS) and Shared Access Policies). Token-based authentication and authorization provides delegated access to any service or resource that is exposed by Azure. It helps us a lot when we need to provide access to external systems. We have granular, fine-grained control over all resources that can be accessed in this way. Each token can be generated on the fly, based on our needs. You don't want to share 'full admin' rights with all external systems or components. From a security perspective, this is a very useful thing. We don't need to create users, manage passwords and registration forms, or maintain the user list. It is very tempting to use such a solution inside the system. Each internal component that accesses an Azure resource will be able to access it only based on a unique token that was generated only for that scop...

[Post Event] Global Azure Bootcamp in Cluj-Napoca, April 25, 2015 - Cluj-Napoca

The 3rd edition of Global Azure Bootcamp finished with success in Cluj-Napoca. We had a full day dedicated to Azure and IoT. At this edition we talked about Event Hub, Stream Analytics, Active Geo-Replication over SQL Azure and we discovered how we can create our own datacenter in Azure. All these technologies help us to provide better solutions with less development, lower cost and a higher quality rate. Thank you cloud! Thank you Azure! Thank you Microsoft! The event from Cluj-Napoca was organized by ITCamp and was supported by two great companies from Cluj-Napoca (RIA Solutions and ISDC). Without our local sponsors this event would not have been possible. Thank you RIA Solutions! Thank you ISDC! In the end we would like to thank all 50 participants that joined this event and sacrificed a beautiful and shiny Saturday for Azure. Thank you all! All the attendees that filled in the survey at the end of the event had a chance to win one of the licences o...

Coding Stories - Properties with private getter

Today I had an interesting discussion with a colleague from another company. We started to talk about C# properties and how useful they are in situations when you need to set or get the values of different object characteristics. Properties are perfect when you work with DTOs (Data Transfer Objects). For this case you don't need to have any kind of logic inside. Properties can be defined very simply: public class Foo { public string Name { get; set; } } Simple, I bet that you already knew this. When we went deeper into the discussion, we talked about cases when you need to expose only the getter as public and the setter needs to be private. This can be useful when the value needs to be set only in the ctor (constructor) or internally, during deserialization. public class Foo { public string Name { get; private set; } } Good! Until now nothing special. But what about cases when the setter needs to be public and getter is...

Security - GET and POST

In today's post we will talk about GET and POST from a security perspective. We will try to identify why we should use POST and not GET in different situations, and when using GET or POST is the same thing. Why do I see this topic as so important? At different security reviews or penetration tests I see recommendations where GET is not recommended. GET and POST overview The main difference between GET and POST is the way parameters are sent. When using GET, all parameters are sent in the query string and are visible. In contrast, when using POST, the query parameters can be added to the body of the message, which is not directly visible. GET: /playground?name=Tom&age=20 POST: POST /playground Host: foo.com name=Tom&age=20 As we can see in the above example, the parameters can be found in the body of the request, not in the query string. If we take a look at w3schools we will notice that the main differences between GET and POST are: Feature GET POST Can be ca...

[Event] Global Azure Bootcamp in Cluj-Napoca, April 25

Registration link: https://www.eventbrite.com/e/cluj-napoca-global-azure-boot-camp-tickets-16118725542 ITCamp is organizing the 3rd edition of Global Azure Bootcamp in Cluj-Napoca. This year we plan to play with Event Hub, Stream Analytics, SQL Replication and to discover how we can create our own Azure Datacenter using Azure Pack. The event will take place at the ISDC Office and is sponsored by ISDC (offering a great place where we can play with cloud) and RIA, which will offer us all the sugar that we need to be able to discover the power of Azure. This event is very different from the other ones because you need a laptop and an Azure subscription. Why? Because there are hands-on labs that will be done by all attendees. IF YOU WANT TO JOIN THIS EVENT THEN FOLLOW THIS LINK AND REGISTER. Registration link: https://www.eventbrite.com/e/cluj-napoca-global-azure-boot-camp-tickets-16118725542 See you on April 25! What is Global Azure Bootcamp? Welcome to Global Azure Bootcam...

Coding Stories - string.Format and enum as const

Looking over some code these days I found the following things. 1. Odd way of using string.Format The following code is extracted from an application: Trace.WriteLine(string.Format("{0}{1}{2}{3}{4}{5}{6}", "Generating ", count, " strings of size ", stringSize, " took ", duration, " milliseconds.")); Trace.WriteLine(string.Format("{0}{1}{2}", "Only ", strings.Count, " strings were generated due to uniqueness constraint.")); As we can see, 'string.Format' is overused. The code is not only hard to read and maintain, but the arguments are used everywhere, even when parts of the string are constant. Even the spaces around words are fully missing from the format. The above code should look something like this: Trace.WriteLine(string.Format("Generating {0} strings of size {1} took {2} milliseconds.", count, stringSize, duration)); T...

How to open an RDP connection to a device that doesn't have direct access to internet using Azure Service Bus Relay

In one of the previous posts I presented a mechanism that can be used as a tunneling solution for Remote Screen Sharing using Azure Service Bus Relay. Screen Sharing using Service Bus Relay (Azure) - an out of the box Tunneling (Port Bridge) solution - http://vunvulearadu.blogspot.ro/2015/03/screen-sharing-using-service-bus-relay.html But what happens when you need to establish a Remote Screen Sharing session with a machine that is in a private network without direct access to the internet? For this case we would need a mechanism to forward the packets from the central machine, which has access to the internet, to the other machine. In theory this is very simple, but in practice it is pretty hard, because forwarding packets to another machine is not a simple task. On top of this, it would be great if we could do this without having a custom application on the target machine. One solution is to use Service Bus Relay and Port Bridge applicat...