I have done some test on the new vulnerability of most common browsers. I tried to get more information on how to fix this. First I tried to get the URL of the popup window, but the problem is that you get your URL, not the URL of the hijacked displayed page, you cannot check if the current page is your page. Also, the HTML code (window.document.body.outerHTML) is the HTML code of your page.
Posted by Michael Schwarz on Thursday, December 9, 2004
Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.
Posted by Michael Schwarz on Thursday, December 9, 2004
The last days I had to build a web application with a lot of stored procedures to a SQL Server database. Because I had to change parameters very often I decided to write a simple wrappr for these stored procedures.
Posted by Michael Schwarz on Wednesday, December 8, 2004
For all the Google fans, here is the first local Google search: <font color="#0000ff" size="2">http://www.desktop.google.com/</font> [1]
Posted by Michael Schwarz on Thursday, October 14, 2004
I was searching for an easy way to create a copy of an existing live database and put it on the same SQL Server in a test database. Because I didn't find a good stored procedure I build my own SQL. To use it I put the code to the master database as a stored procedure, now I can run one short command to get a copy!
Posted by Michael Schwarz on Thursday, August 26, 2004
I read on the heise c't magazine security list some security issues with the Service Pack 2 for Windows XP. The article talks about the zone identifier in the NTFS file. If you download a file from the internet the file will be marked with a ZoneIdentifier in a NTFS stream. This stream will be used to decide to show a warning dialog. The warning dialog will allow you to decide wether you want to start this file or not.
Posted by Michael Schwarz on Wednesday, August 18, 2004
On this german website you can run several test for the new security settings:
Posted by Michael Schwarz on Tuesday, August 17, 2004
I am still developing my own SMTP server. A lot of people asked me why do I don't offer a POP3 server to get the emails. "Only a webfrontent is not enough for us...!" Ok, I started to create a POP3 server that will offer the messages. As you know already a demo server is running for the domain schwarz-webtools.de. If you want to have a test account you can a message to (Hidden) with the subject new email and you will get the account details for your POP3 mailbox.
Posted by Michael Schwarz on Friday, July 16, 2004
A lot of pages in my intranet application are using now the SetCookieEx functions. One of my .HTC components will be similar to the System.Collections.CollectionBase object in .NET. You can add this .HTC component to your page and use it f.e. for a shopping cart.
Posted by Michael Schwarz on Friday, July 16, 2004
While developing websites (intranet applications) I had to save a lot of information on the client or for a user. First, I used cookies to save information. I noticed that I can only save up to 20 cookies with a lenght of about 192 chars I searched for a new way of saving cookies. While I am only developing intranet applications for the Internet Explorer, I decided to use a webservice to save cookies.
Posted by Michael Schwarz on Friday, July 16, 2004
As I know there are a lot of developers that do not have a internet server with full access to the IIS (f.e. using a administrator website or remote desktop). You have to change the IIS settings for the new file extension.
Posted by Michael Schwarz on Friday, July 9, 2004
For the installation of the new Microsoft SQL Server 2005 (beta) you have to copy the files from c:\6091bfe0e40c1cb8ef (perhaps this id is different). Note: You cannot copy the complete folder because of an open reg file. Copy only the other files to a different location and you can use the setup for your laptop.
Posted by Michael Schwarz on Wednesday, June 30, 2004
If you start the installation for the new Visual Express 2005 (beta) developer tools you will need more time while installing because of the additional download of the tools (.NET Framework 2, ...).
Posted by Michael Schwarz on Wednesday, June 30, 2004
First, I will thank you for your help in the last weeks! It was a pleasure for me getting so much feedback.
Posted by Michael Schwarz on Thursday, June 24, 2004
SORRY: Here is the URL http://demo.pctopp.com/cvcart.htm [1]
Posted by Michael Schwarz on Wednesday, June 23, 2004
Yesterday evening someone of the INETA User Group Franken (Germany) asked me how to change the MSDE Security and Authentication. I will describe in some short words how to do this:
Posted by Michael Schwarz on Wednesday, June 23, 2004
I do not know if you already saw the Google Zeitgeist. But I think it is a good statistic on how the people browse through the internet. If i look at my own statistic log files I can see a similiar browser usage.
Posted by Michael Schwarz on Saturday, June 19, 2004
As I saw in the next generation of Visual Studio .NET there is a code-behind file for resource files. I tought this is an idea to create a small macro doing the same job.
Posted by Michael Schwarz on Wednesday, April 14, 2004
I'd like to start a a developer meeting in Germany (Nuremberg) the next months. The idea is different from the idea of the .NET user groups. I heared about the INETA communities, but the problem here is that there are a lot of developers starting with .NET without any knowledge about .NET.
Posted by Michael Schwarz on Saturday, April 10, 2004
I looked arround in the web to find websites with security lecks. After months there is no change to the webmasters, they still offer login textboxes side-by-side to guestbooks or weblogs. Some weeks ago I posted a sample on how to allow javascript execution on websites with a mouseover. But this was not very good...
Posted by Michael Schwarz on Tuesday, April 6, 2004
What do you think about our first VML class. I will spend more time on it to enable full scripting support for VML elements. At the moment it is only a first test. It is working as the Graphics GDI functions in System.Drawing. Have a short look on the samples:
Posted by Michael Schwarz on Tuesday, April 6, 2004
I am searching for a good .NET class library for RSS feeds that is free and can be redistributed also for free. Does anyone know a good version?
Posted by Michael Schwarz on Monday, February 23, 2004
When using XML with the Microsoft.XMLDOM ActiveX object I had to put the xml:space attribute to every element where I do not want to remove the blanks at the end of the text. When trying to add an attribute with the name "xml:space" I do not get the result I want. Following short code I have to use to set the xml:space attribute in .NET (C#):
Posted by Michael Schwarz on Monday, February 16, 2004
I only have one good PC at home for development and surfing in the internet. Sometimes I download free-/shareware from the internet and install this software on this PC. After doing this more than 10 times my Windows XP performance will be going down. For this problem I bought Norton Ghost (http://www.symantec.com [1]) to save my Windows XP image to a DVD. If I now have problems with my Windows XP installation I put in the DVD, boot from it... and 10 minutes later I have a cleare Windows XP installation.
Posted by Michael Schwarz on Monday, February 9, 2004
This week I am in Madrid, Spain, to install our software for a new customer. They have bought some new PCs, and the nice thing is that there is already a preinstalled version of Microsoft .NET Framework 1.1. They told me that there are already a lot of hardware stores that offer this service by default. Hardware stores worldwide: Please add this to your image, too! Thanks!
Posted by Michael Schwarz on Tuesday, February 3, 2004
The last months there are a lot of discussions about the SCRIPT tag in WYSIWIG HTML editors. A lot of companies allow the user to add SCRIPT code to their guestbook, auctions, weblogs... If you add a script that is using the URL Spoofing bug you can collect private data or change the website.
Posted by Michael Schwarz on Wednesday, January 28, 2004
If you are using the new Windows XP SP2 (at the moment in beta) there will apear the firewall settings if one of your programs try to access the internet or are listening on at least one port. The Windows XP SP2 firewall will display all programs that tried to access the internet in one list. All of us that are creating ConsoleApplication1 for demonstration of libraries do not fill the settings in the AssemblyInfo.cs. The problem now is that you will not see any title in this list. After a rebuild the firwall wizard shows again the list with another item that will not display a title, so: Which one do you want to choose?
Posted by Michael Schwarz on Friday, January 23, 2004
Everytime I see a developer coming from Visual Basic or Javascript doing some XML developemnt I get a question: How do I import a XmlNode from a different XmlDocument?
Posted by Michael Schwarz on Thursday, January 22, 2004
I have created a first test for a datagrid that allows you to add optional columns that are displayed if there is enough space on the screen. The columns have a minimum width and can grow as there are no additional columns.
Posted by Michael Schwarz on Monday, January 19, 2004
Today I tried to get the CreationTime of the bin/webapplication1.dll. I was in the wrong directory, so there was no webapplication1.dll. The nice think was, that I did not get any exception and a nice date: 1.1.1601 (minvalue of file dates).
Posted by Michael Schwarz on Tuesday, January 13, 2004
Currently not available!
Posted by Michael Schwarz on Tuesday, January 13, 2004
Yesterday evening I found my old source code that was missing about two weeks after reinstalling my Windows XP. So, I have added the SQL storage for my incomming emails. For the moment you can only send to this SMTP Server, every email will be accepted and stored in the SQL Server. There exists only one POP3 user (you can use your own username/password, everyting will be accepted). You cannot delete a message with the POP3 -DELE- command, I will add this funtion this weekend.
Posted by Michael Schwarz on Saturday, January 10, 2004