
Friday, October 15, 2004

Google Desktop Search

Have you seen this new Desktop search tool from Google? Essentially it's a search engine/application for use on your local machine, rather than the web. By default it indexes all files on your machine.

Google Desktop Search finds:

  • Outlook / Outlook Express
  • Word
  • AOL Instant Messenger
  • Excel
  • Internet Explorer
  • PowerPoint
  • Text

A neat trick (which I guess it does with cookies for the www.google.com site) is that it puts a link on the existing www.google.com site to search your desktop instead of the web. A nice thing that it does is that it searches your Outlook emails - and returns results in super quick time! From a technical point of view, what it looks like is that it installs some kind of mini-web server - you search through the browser on an address of http://127.0.0.1:xxxx/.

Wednesday, October 13, 2004

Book Review: Design Patterns in C#


Design Patterns in C#
Covering all the classic Gang of Four software design patterns in one straightforward book, Steven Metsker gives some decent concrete examples of their application with the corresponding UML.

Design patterns help developers leverage the wisdom of the entire software community to build more robust higher-quality software. Now, for the first time, there is a complete patterns guide specifically for C# and .NET programmers.



What's good about the book is the writing style and the exercises. The author obviously has done a good job of applying design patterns to the .NET framework, utilising events, delegates and reflection. On the downside, what would be additionally useful would be more discussion about applying design patterns in non-standard situations.

All in all, this book would be an excellent addition to the stack of books you keep next to your workstation. My copy is almost always open at the pattern I'm using at the moment.
You can get a sample chapter of the book from the publishers, Addison Wesley:
Sample chapter

Wednesday, October 06, 2004

Attack of the Canonicalization-alisers

Canonicalization attacks are those in which malicious users try to gain access to files they shouldn't by entering file names and paths that the system understands, but that you don't expect. Depending on the context, the following file paths could all point to the same file:


c:\dir\test.dat

test.dat

..\..\test.dat


When a URL is received by a Web server, the server maps the request to a file system path that determines the response. The canonicalization routine that is used to map the request must correctly parse the URL to avoid serving or processing unexpected content. For more information about canonicalization, visit the following Microsoft Web site:
http://msdn.microsoft.com/library/.../THCMCh04.asp

Also related to this KB article is something that Scott Watermasysk highlighted: ASP.NET Security Issue and Guidance, about an ASP.NET Forms authentication vulnerability, which can be cured with the appropriate canonical checks.
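
The canonical check described above, as an added example (not code from this post or from the linked Microsoft guidance): reduce the user-supplied name to its canonical form with Path.GetFullPath first, and only then compare it against the directory you intend to serve from. It assumes Windows path rules; SafePathResolver, the c:\dir base directory and the sample inputs are hypothetical.

```csharp
using System;
using System.IO;

// Added example: SafePathResolver, BaseDir and the inputs in Main are
// hypothetical names and constructed values, not taken from the post.
public static class SafePathResolver
{
    // Directory the application is allowed to read from (assumed).
    private const string BaseDir = @"c:\dir";

    // Returns the canonical full path for a user-supplied name, or null when
    // the canonical form falls outside BaseDir or the input is malformed.
    public static string Resolve(string userSupplied)
    {
        if (string.IsNullOrEmpty(userSupplied)) return null;

        // Keep a trailing separator so that c:\dir2 is not accepted as a
        // "prefix match" for c:\dir.
        string root = Path.GetFullPath(BaseDir).TrimEnd('\\') + "\\";

        string candidate;
        try
        {
            // Path.Combine discards root when userSupplied is itself rooted;
            // GetFullPath collapses "." and ".." and normalises "/" to "\".
            // It does not resolve junctions or symbolic links.
            candidate = Path.GetFullPath(Path.Combine(root, userSupplied));
        }
        catch (Exception ex) when (ex is ArgumentException ||
                                   ex is NotSupportedException ||
                                   ex is PathTooLongException)
        {
            return null; // malformed path: reject rather than guess
        }

        // Compare the canonical form, never the raw input. Windows file
        // names are case-insensitive, so the comparison is too.
        return candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase)
            ? candidate
            : null;
    }

    public static void Main()
    {
        string[] inputs = { "test.dat", @"sub\..\test.dat", @"c:\dir\test.dat",
                            @"..\..\test.dat", @"c:\dir2\test.dat", "../boot.ini" };
        foreach (string input in inputs)
            Console.WriteLine("{0,-18} -> {1}", input, Resolve(input) ?? "(rejected)");
    }
}
```

The first three inputs are different spellings of the same file and resolve to one canonical path; the last three resolve outside the base directory and are rejected.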

Monday, October 04, 2004

Using Reflection to Bind Business Objects to ASP.NET Form Controls

This looks like a really useful way to simplify databinding ASP.NET controls to a generic business object. I've yet to use this in a fully fledged live project and so I'm not sure how accurate their performance metrics are. Off the top of my head I think I would implement these two methods 'BindControlsToObject' and 'BindObjectToControls' in a new class derived from the Page object, but whatever takes your fancy really.