Welcome to Michaels Blog

All posts published in 2004

Blog of latest news, updates, and stories for developers

Multiple Browsers Window Injection Vulnerability (Fix?)

I have done some test on the new vulnerability of most common browsers. I tried to get more information on how to fix this. First I tried to get the URL of the popup window, but the problem is that you get your URL, not the URL of the hijacked displayed page, you cannot check if the current page is your page. Also, the HTML code (window.document.body.outerHTML) is the HTML code of your page.

Posted by Michael Schwarz on Thursday, December 9, 2004


Multiple Browsers Window Injection Vulnerability

Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.

Posted by Michael Schwarz on Thursday, December 9, 2004


SQL Server Stored Procedures Class

The last days I had to build a web application with a lot of stored procedures to a SQL Server database. Because I had to change parameters very often I decided to write a simple wrappr for these stored procedures.

Posted by Michael Schwarz on Wednesday, December 8, 2004


Google indexing your hard disk

For all the Google fans, here is the first local Google search: <font color="#0000ff" size="2">http://www.desktop.google.com/</font> [1]

Posted by Michael Schwarz on Thursday, October 14, 2004


Create a copy of an existing SQL Server database

I was searching for an easy way to create a copy of an existing live database and put it on the same SQL Server in a test database. Because I didn't find a good stored procedure I build my own SQL. To use it I put the code to the master database as a stored procedure, now I can run one short command to get a copy!

Posted by Michael Schwarz on Thursday, August 26, 2004


Windows XP Service Pack 2 Security Problems

I read on the heise c't magazine security list some security issues with the Service Pack 2 for Windows XP. The article talks about the zone identifier in the NTFS file. If you download a file from the internet the file will be marked with a ZoneIdentifier in a NTFS stream. This stream will be used to decide to show a warning dialog. The warning dialog will allow you to decide wether you want to start this file or not.

Posted by Michael Schwarz on Wednesday, August 18, 2004


Check you Internet Explorer (Win XP SP2) Settings

On this german website you can run several test for the new security settings:

Posted by Michael Schwarz on Tuesday, August 17, 2004


SMTP Server (create temporary email addresses)

I am still developing my own SMTP server. A lot of people asked me why do I don't offer a POP3 server to get the emails. "Only a webfrontent is not enough for us...!" Ok, I started to create a POP3 server that will offer the messages. As you know already a demo server is running for the domain schwarz-webtools.de. If you want to have a test account you can a message to robot @ schwarz-webtools.de with the subject new email and you will get the account details for your POP3 mailbox.

Posted by Michael Schwarz on Friday, July 16, 2004


A sample on how to use the SetCookieEx function

A lot of pages in my intranet application are using now the SetCookieEx functions. One of my .HTC components will be similar to the System.Collections.CollectionBase object in .NET. You can add this .HTC component to your page and use it f.e. for a shopping cart.

Posted by Michael Schwarz on Friday, July 16, 2004


Use Javascript objects like you do it in C#

While developing websites (intranet applications) I had to save a lot of information on the client or for a user. First, I used cookies to save information. I noticed that I can only save up to 20 cookies with a lenght of about 192 chars I searched for a new way of saving cookies. While I am only developing intranet applications for the Internet Explorer, I decided to use a webservice to save cookies.

Posted by Michael Schwarz on Friday, July 16, 2004


How to use your own IHttpHandlers without changing IIS settings

As I know there are a lot of developers that do not have a internet server with full access to the IIS (f.e. using a administrator website or remote desktop). You have to change the IIS settings for the new file extension.

Posted by Michael Schwarz on Friday, July 9, 2004


Microsoft SQL Server 2005 (beta) installation files

For the installation of the new Microsoft SQL Server 2005 (beta) you have to copy the files from c:\6091bfe0e40c1cb8ef (perhaps this id is different). Note: You cannot copy the complete folder because of an open reg file. Copy only the other files to a different location and you can use the setup for your laptop.

Posted by Michael Schwarz on Wednesday, June 30, 2004


Visual Express 2005 (beta) installation

If you start the installation for the new Visual Express 2005 (beta) developer tools you will need more time while installing because of the additional download of the tools (.NET Framework 2, ...).

Posted by Michael Schwarz on Wednesday, June 30, 2004


SMTP Server (more tests please)

First, I will thank you for your help in the last weeks! It was a pleasure for me getting so much feedback.

Posted by Michael Schwarz on Thursday, June 24, 2004


WebService calls using Javascript (user experience)

SORRY: Here is the URL http://demo.pctopp.com/cvcart.htm [1]

Posted by Michael Schwarz on Wednesday, June 23, 2004


Change MSDE Security and Authentication

Yesterday evening someone of the INETA User Group Franken (Germany) asked me how to change the MSDE Security and Authentication. I will describe in some short words how to do this:

Posted by Michael Schwarz on Wednesday, June 23, 2004


Only develop for Internet Explorer 6?

I do not know if you already saw the Google Zeitgeist. But I think it is a good statistic on how the people browse through the internet. If i look at my own statistic log files I can see a similiar browser usage.

Posted by Michael Schwarz on Saturday, June 19, 2004


Create code-behind files for resource.resx

As I saw in the next generation of Visual Studio .NET there is a code-behind file for resource files. I tought this is an idea to create a small macro doing the same job.

Posted by Michael Schwarz on Wednesday, April 14, 2004


.NET Developer Meetings to look at code samples

I'd like to start a a developer meeting in Germany (Nuremberg) the next months. The idea is different from the idea of the .NET user groups. I heared about the INETA communities, but the problem here is that there are a lot of developers starting with .NET without any knowledge about .NET.

Posted by Michael Schwarz on Saturday, April 10, 2004


Remove login pages to a seperate page!

I looked arround in the web to find websites with security lecks. After months there is no change to the webmasters, they still offer login textboxes side-by-side to guestbooks or weblogs. Some weeks ago I posted a sample on how to allow javascript execution on websites with a mouseover. But this was not very good...

Posted by Michael Schwarz on Tuesday, April 6, 2004


VML class with Source Code

What do you think about our first VML class. I will spend more time on it to enable full scripting support for VML elements. At the moment it is only a first test. It is working as the Graphics GDI functions in System.Drawing. Have a short look on the samples:

Posted by Michael Schwarz on Tuesday, April 6, 2004


RSS Reader (or is it Feed Reader) Class Library

I am searching for a good .NET class library for RSS feeds that is free and can be redistributed also for free. Does anyone know a good version?

Posted by Michael Schwarz on Monday, February 23, 2004


XmlDocument/XmlElement and the xml:space

When using XML with the Microsoft.XMLDOM ActiveX object I had to put the xml:space attribute to every element where I do not want to remove the blanks at the end of the text. When trying to add an attribute with the name "xml:space" I do not get the result I want. Following short code I have to use to set the xml:space attribute in .NET (C#):

Posted by Michael Schwarz on Monday, February 16, 2004


OT: Help to find the best installation mode for Windows (XP)

I only have one good PC at home for development and surfing in the internet. Sometimes I download free-/shareware from the internet and install this software on this PC. After doing this more than 10 times my Windows XP performance will be going down. For this problem I bought Norton Ghost (http://www.symantec.com [1]) to save my Windows XP image to a DVD. If I now have problems with my Windows XP installation I put in the DVD, boot from it... and 10 minutes later I have a cleare Windows XP installation.

Posted by Michael Schwarz on Monday, February 9, 2004


Preinstalled .NET Framework

This week I am in Madrid, Spain, to install our software for a new customer. They have bought some new PCs, and the nice thing is that there is already a preinstalled version of Microsoft .NET Framework 1.1. They told me that there are already a lot of hardware stores that offer this service by default. Hardware stores worldwide: Please add this to your image, too! Thanks!

Posted by Michael Schwarz on Tuesday, February 3, 2004


Is this a security leck, what do you mean?

The last months there are a lot of discussions about the SCRIPT tag in WYSIWIG HTML editors. A lot of companies allow the user to add SCRIPT code to their guestbook, auctions, weblogs... If you add a script that is using the URL Spoofing bug you can collect private data or change the website.

Posted by Michael Schwarz on Wednesday, January 28, 2004


Windows XP SP2 Firewall and ConsoleApplication1

If you are using the new Windows XP SP2 (at the moment in beta) there will apear the firewall settings if one of your programs try to access the internet or are listening on at least one port. The Windows XP SP2 firewall will display all programs that tried to access the internet in one list. All of us that are creating ConsoleApplication1 for demonstration of libraries do not fill the settings in the AssemblyInfo.cs. The problem now is that you will not see any title in this list. After a rebuild the firwall wizard shows again the list with another item that will not display a title, so: Which one do you want to choose?

Posted by Michael Schwarz on Friday, January 23, 2004


Import XML Nodes from differnet XmlDocuments

Everytime I see a developer coming from Visual Basic or Javascript doing some XML developemnt I get a question: How do I import a XmlNode from a different XmlDocument?

Posted by Michael Schwarz on Thursday, January 22, 2004


DataGrid with optional columns and automatic width/height

I have created a first test for a datagrid that allows you to add optional columns that are displayed if there is enough space on the screen. The columns have a minimum width and can grow as there are no additional columns.

Posted by Michael Schwarz on Monday, January 19, 2004


Do you know the year 1601??

Today I tried to get the CreationTime of the bin/webapplication1.dll. I was in the wrong directory, so there was no webapplication1.dll. The nice think was, that I did not get any exception and a nice date: 1.1.1601 (minvalue of file dates).

Posted by Michael Schwarz on Tuesday, January 13, 2004


SMTP and POP3 Server beta running for testing

Currently not available!

Posted by Michael Schwarz on Tuesday, January 13, 2004


SMTP and POP3 Server with SQL Storage

Yesterday evening I found my old source code that was missing about two weeks after reinstalling my Windows XP. So, I have added the SQL storage for my incomming emails. For the moment you can only send to this SMTP Server, every email will be accepted and stored in the SQL Server. There exists only one POP3 user (you can use your own username/password, everyting will be accepted). You cannot delete a message with the POP3 -DELE- command, I will add this funtion this weekend.

Posted by Michael Schwarz on Saturday, January 10, 2004