NHQueryAnalyzer is a tool originally written by Ayende, and now it is supported at this link. I think that it is really a good tool, very useful even to learn HQL query because gives you an immediate idea of what the query will looks like. Here is a screenshot. (‘I’ve hide some sensitive part because this is part of a project of a company I worked with).
Figure 1: A screenshot of Nhibernate Query Analyzer in action.
Query parsing is instantaneous, so you can immediately understand if your query is good or wrong.
Figure 2: Query errors are immediately detected and signaled
You can also press F5 to execute the query to the database and take a look at returned object.
Figure 3: Result of query execution, you can look at returned objects and navigate to the object graph.
If you are a NHibernate user and you use HQL, you should not miss this tool.
Alk.
Tags: NHibernate HQL
Tags: Nhibernate
I work with WebBrowser control in WPF, and one of the most annoying problem I have with it, is that sometimes you browse sites that raise a lot of javascript errors and the control become unusable. Thanks to my friend Marco Campi, yesterday I solved the problem. Marco pointed me a link that does not deal with WebBrowser control, but uses a simple javascript script to disable error handling in a web page.
1: <script type="text/javascript">1:
2:
3: function noError(){return true;}
4: window.onerror = noError;
5:</script>
This solution is really simple, and seems to me the right way to solve the problem. The key to the solution is handle the Navigated event raised from the WebBrowser control. First of all I have my WebBrowser control wrapped in a custom class to add functionalities, in that class I declare this constant
1: private const string DisableScriptError =
2: @"function noError() {
3: return true;
4: }
5:
6: window.onerror = noError;";
This is the very same script of the previous article, then I handle the Navigated event
1: void browser_Navigated(object sender, System.Windows.Navigation.NavigationEventArgs e)
2: {
3: InjectDisableScript();
Actually I’m doing a lot of other things inside the Navigated event handler, but the very first one is injecting into the page the script that disable javascript error.
1: private void InjectDisableScript()
2: {
3: HTMLDocumentClass doc = Browser.Document as HTMLDocumentClass;
4: HTMLDocument doc2 = Browser.Document as HTMLDocument;
5:
6:
7: //Questo crea lo script per la soprressione degli errori
8: IHTMLScriptElement scriptErrorSuppressed = (IHTMLScriptElement)doc2.createElement("SCRIPT");
9: scriptErrorSuppressed.type = "text/javascript";
10: scriptErrorSuppressed.text = DisableScriptError;
11:
12: IHTMLElementCollection nodes = doc.getElementsByTagName("head");
13:
14: foreach (IHTMLElement elem in nodes)
15: {
16: //Appendo lo script all'head cosi è attivo
17:
18: HTMLHeadElementClass head = (HTMLHeadElementClass)elem;
19: head.appendChild((IHTMLDOMNode)scriptErrorSuppressed);
20: }
21: }
This is the code that really solves the problem, the key is creating a IHTMLScriptElement with the script and injecting into the Head of the page, this effectively disables the javascript errors. I’ve not fully tested with a lot of sites to verify that is able to intercept all errors, but it seems to work very well with a lot of links that gave us a lot of problems in the past.
Alk.
Tags: WPF
Tags: Javascript
Tags: Javascript, WPF
Today I was working a little bit on Dexter, and I’m trying to update the security system, the actual login system is based on a membership provider quite old, but I’d like to update it to be CryptoAgile. First of all here is the class UserDto (the name Dto should be changed because it is really a domain class but we are in the middle of a reorganization 
so do not mind the name ) that has some methods to manage authentication.
To be flexible the class should support storing of the password in clear form (strongly discouraged) and in hashed form with salt (the default one). Here is the code of the ChangePassword function
The key factor is that the HashAlgorithm used is not hardcoded in source code, the trick is in the shared factory method HashAlgorithm.Create that permits to create a sha provider from a string code like: MD5, SHA1, etc. The user object stores used hash provider in a property called HashProvider and has a default value of SHA1 type.
This test verify that for a newly constructed User object the HashProvider is of SHA1 type, but since the HashProvider property is stored to database so we can apply a little bit of cryptoagility. Suppose that at a certain point in the future the SHA1 provider is broken. To solve this problem we can store a global application setting that tells the HashProvider to use, and when a specific algorithm is broken we can change it. I write a test to verify this.
This test uses a different VerifyPassword function, that pass both the password and the global Hash provider. In this test you can verify that the password is hashed with SHA1, but the software requires SHA512 to be used, so, after a successful login, the current password should change and the current HashProvider should be set to the default one.
The code to accomplish this is really simple.
If the password is good you can simply check if the required HashProvider is different from the current one, and if they are different you can change the HashProvider and recalculate the password using the current one. This is good because with this simple technique we are not bound to a specific hash provider and we can change the provider at any time.
alk.
Tags: Security
There are a lot of rules for usability of User Interface, and one of the most important one is not to clutter the user with strange error messages. Since the last update of skype, sometimes when I’m chatting with someone a “really useful” message box appears.
This windows does not communicate nothing to the user, moreover if you click ok nothing happens… skype continue to work with no problem. This design violates some best practice of the UI.
- It shows a completely unnecessary and obscure message to the user
- It presents only the Ok button, so the user cannot choose any options. A Modal dialog box should be used when the user need to choose an option.
- It shows a Red Cross, but the program works perfectly after this error.
- This messagebox popup in front of every windows, distracting the user and adding no value to UI.
Such a message would be better handled in this way.
- Since the program can continue to work after this event, log this information in a logfile, and maybe use a little "communication box” in the interface, instead of a modal messagebox with only an option.
- Send a logfile to the team, if this is an error, the development team can handle it an find a bug, the user does not need to see what is happened behind the curtain.
alk.
Tags: Architecture
I’ve just read this nice blog post, and I want to give my contribute to it 
.
I’ve started programming on a Vic20 Commodore computer, I began just with copying a couple of programs that are in the manual, and immediately being curious about the Basic language.
So I moved to a Vic20 programming course in Cassette and this was the very first thing that amazed me, the fact that I’m able to record a program on a audio cassette, I believed that they could be used only for music. I realize now, how many years are passed. After the course I was a “Basic programmer” 
, being able to manage memory with Peek and Poke and started realizing some little programs. My first programs are full of GOTO and were really “spaghetti code”, but when I began high school I moved to Pascal, and I began to learn how to give better structure to my programs.
One of the my most silly thing I believed, is that programming was a matter of hyper technical skills of programmers, now I realize how this concept is wrong. The most important success factor in a project, is having the right idea, understanding the needs of the user and doing good requirement management. Working in team really need more social and management skill than technical, and now I strongly believe that being hyper technical is only useful in a very few situations. In real life a good Application Lifecycle Management is the key of success.
alk.
Tags: Programming