Showing posts from April, 2010

Signing Assemblies with a Strong Name

Code Analysis/FxCop warned me that my credit card application was not signed with a Strong Name, which would make it more difficult to determine if the assemblies had been tampered with. For more information on Strong Names and why they're a good thing, see this Tech Republic article.

You first need a cryptographic key before you can sign an assembly. The key is created using the sn.exe tool provided by the Windows SDK.
sn.exe -k sgKey.snk
I added my sgKey.snk file to my project in Visual Studio, and then in the Application's properties I went to the Signing tab, checked the "Sign the assembly" box, and specified my key file.

I had forgotten that I used a third-party library to manage logging the user out after a configurable period of inactivity, and their assembly was not signed. You can't sign an assembly unless all of its dependencies are signed as well, which makes sense. You need to replace the unsigned assemblies with signed ones first.
If you can compile the 3rd …
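
An unsigned dependency like the one described above can be found before the build fails. The following PowerShell script is an added example, not part of the original post: it lists every managed assembly in a build output folder and flags those without a public key token. The folder .\bin\Release and the function name Get-StrongNameStatus are assumptions made for illustration.

```powershell
# Added example, not from the original post.
# Assumption: build output lives in .\bin\Release; pass -Directory to override.
param([string]$Directory = '.\bin\Release')

function Get-StrongNameStatus {
    param([Parameter(Mandatory)][string]$Directory)

    Get-ChildItem -Path $Directory -Recurse -File -Include *.dll, *.exe | ForEach-Object {
        $file = $_
        try {
            # Reads the assembly identity from metadata without loading the assembly.
            $name  = [System.Reflection.AssemblyName]::GetAssemblyName($file.FullName)
            $token = $name.GetPublicKeyToken()
            # Unsigned assemblies return an empty (or null) token.
            $hex = if ($token) { ($token | ForEach-Object { $_.ToString('x2') }) -join '' } else { '' }
            [pscustomobject]@{
                File           = $file.Name
                Managed        = $true
                PublicKeyToken = $hex
                StrongNamed    = ($hex.Length -gt 0)
            }
        } catch {
            # Native DLLs and corrupt files have no assembly identity; report, don't fail.
            [pscustomobject]@{
                File           = $file.Name
                Managed        = $false
                PublicKeyToken = ''
                StrongNamed    = $false
            }
        }
    }
}

$report = @(Get-StrongNameStatus -Directory $Directory)
$report | Sort-Object StrongNamed, File | Format-Table -AutoSize

# Managed assemblies without a token are the ones that block strong-name signing.
$unsigned = @($report | Where-Object { $_.Managed -and -not $_.StrongNamed })
if ($unsigned.Count -gt 0) {
    Write-Warning ("Not strong-named: " + (($unsigned | ForEach-Object { $_.File }) -join ', '))
    exit 1
}
```

A public key token only shows that the assembly declares a strong-name identity; it does not check the signature itself. Run sn.exe -v on the assembly to verify that the signature is valid.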

Code Analysis in Visual Studio

Continuing to play around with Visual Studio 2010 Ultimate, I ran the Code Analysis tool on some code I had written for a customer: a desktop-based application which securely stores credit card information using hardware identifiers as portions of the encryption key. I started with over 300 warnings and have now worked them down to around 120 warnings or so. Those that remain are globalization-related, which I'm not concerned about since it was a one-off project that is unlikely to be internationalized. FxCop, the utility which Code Analysis is based on, is freely available online.

Visual Studio 2010 Released

If you haven't heard the news already (which I hadn't because I typically don't keep up with such things), Visual Studio 2010 came out earlier this month. I've been playing around with Visual Studio 2010 Ultimate (a 90-day trial version is available) and I must say I'm impressed. Microsoft has finally added common features like block editing and text-zoom, an Extension Manager to extend the IDE à la Eclipse, and support for jQuery. If I were a Fortune 500 company hacking out Windows code all day I could justify a couple of licenses if it really helped my developers efficiently produce a more secure and stable application, but the price tag puts it far out of reach for my needs. I'll stick with either VS2005 or C# Express 2010.

I'll probably post a few follow-up entries as I explore more throughout the next 90 days, so be sure to keep an eye out!