.NET UPDATE--June 12, 2003

This Issue Sponsored By

Windows & .NET Magazine http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475

===============

1. Commentary: Microsoft: .NET Web Services Key to Future Growth

2. .NET Tech: Protecting .NET Code

3. Announcements - Cast Your Vote in Our Annual Readers' Choice Awards! - Get Exclusive VIP Web Site Access!

4. Events - Security 2003 Road Show 5. New and Improved - .NET Development Tools - Submit Top Product Ideas

6. Contact Us - See this section for a list of ways to contact us.

==== Sponsor: Windows & .NET Magazine ====

Insider's Guide to IT Certification eBook Get the eBook that will help you get certified! The "Insider's Guide to IT Certification," from the Windows & .NET Magazine Network, has one goal: to help you save time and money on your quest for certification. Find out how to choose the best study guides, save hundreds of dollars, and be successful as an IT professional. The amount of time you spend reading this book will be more than made up by the time you save preparing for your certification exams. Order your copy today! http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475

==========

== 1. Commentary: Microsoft: .NET Web Services Key to Future Growth == by Paul Thurrott, News Editor, thurrott@winnetmag.com

During his keynote address last week at Microsoft TechEd 2003 in Dallas, Paul Flessner, Microsoft senior vice president of the Server Platform Division, delivered his company's product vision for the next several years, providing information about how .NET fits into the company's strategic plans. Before 2003, Microsoft seemed to consider .NET the alpha and omega, and the company was busy rebranding all its products with the .NET name and touting subscription-based software as the future. But today, the word in Redmond is integration, and Microsoft is working to ensure that all its products, technologies, and services work together cohesively. The idea is that any Microsoft product can work fine on its own but becomes a better solution when combined with other Microsoft products. "The way that happens is across that family of products, they look and feel and act like they were built to work together," Flessner said. "It's not always been the case at Microsoft, but we're working hard with the Windows Server System to make sure those things integrate more easily: ... a common execution environment allowing a multitude of choices of language." From a marketing standpoint, the buzzword this year is "system," as in Windows Server System and the Microsoft Office System. "System" means integration: These products are now more integrated so that they work better together. The glue that integrates them, however, is not .NET, as Microsoft previously planned. Instead, the company instituted a less formal process for making products work together. But that doesn't mean .NET is any less important than it was a year ago. Much of Flessner's speech was about .NET and the ways in which programmers and IT managers can use the technology to make life easier. Going forward, Microsoft believes that all new projects should be based on .NET when it makes sense, which is probably sound advice for application developers. All the company's future products will use and expose .NET Web services in the appropriate areas, so developers can programmatically access functionality in a clear and consistent manner. One example, the next version of Microsoft SQL Server (code-named Yukon), due in late 2004, is particularly exciting. This version of SQL Server will provide explicit .NET interfaces to the database's functionality; will let database administrators, scripters, and developers access stored procedures in any .NET-oriented programming language (such as Visual Basic .NET or C#; in current versions you must use the SQL Server-specific T-SQL); and will let remote applications and services interact directly with the database by using XML Web services. By building the .NET Common Language Runtime (CLR) directly into Windows Server 2003 and, presumably, all future Windows versions, Microsoft is ensuring that customers have the basic technology they need to run .NET applications and services without requiring a separate product installation. .NET is now part of Windows, an established baseline--like Microsoft Internet Explorer (IE) or Windows Media Player (WMP)--that developers can count on. Windows Server products might seem like a relatively small target compared with the hundreds of millions of deployed Windows desktops. But as Flessner noted, more than 9 million Windows-based servers are in operation, representing almost half of all deployed servers worldwide. Windows 2003 supports more than 2000 devices and runs more than 2500 applications, making it an impressive target market. After .NET becomes an integrated part of the Windows desktop, of course, all bets are off. The next few years will bring some interesting developments as programmers get up to speed with .NET-coding techniques. Today, more than 250 .NET Connected solutions are on the market. These products are .NET applications and services that meet Microsoft's strict logo guidelines. ".NET Connected means they're utilizing the Framework and they're also utilizing Web services," Flessner explained. "We are about making the whole ecosystem work and it's something that we have reinvigorated at Microsoft and are investing more and more money in." In closing, Flessner exhorted the audience, which comprised IT professionals and developers, to adopt .NET. "Please get connected with Web services. I think it's what we need to do as an industry," he said. "I hope you do it on the Microsoft platform. I hope you do it with .NET and I hope you implement with Windows Server System, but please get connected to Web services. It's how I think we can enliven our ecosystem and lower the total cost of ownership. The Windows Server System and our platform I believe ... \[is\] the lowest total cost of ownership platform for Web services."

==== 2. .NET Tech: Protecting .NET Code ==== by Christa Anderson, christa@winnetmag.com

In "'Just-in-Time' Compiling and .NET" ( http://www.winnetmag.com/articles/index.cfm?articleid=39282 ), in the May 29 issue of .NET UPDATE, I discussed the mechanics of just-in-time (JIT) compiling, wherein code is compiled at runtime. You might have realized the catch with JIT compiling: If code isn't precompiled, then someone can read it. You don't need much experience to read code and tell what it's doing or to extract useful information, even if you don't know the language well enough to write the code yourself. Even leaving aside the possibility that you don't want other people reverse-engineering your code and using all your nifty ideas, having access to code (as, for example, someone would who's hosting an application for you) sometimes means having access to sensitive information stored in the program. Obviously, this isn't an ideal situation. To get around this problem, you can use an obfuscator. A heavy contender with the Windows 2000 groveler service for one of the coolest-named tools in the Windows platform, the obfuscator makes your code unreadable--but still functional. Visual Studio .NET comes with an obfuscator, and you can download a more comprehensive version from http://www.preemptive.com/dotfuscator/dotcomdld.html . An obfuscator hides--obfuscates, to be more precise--the details of what your code is doing without changing the external behavior of the program (although not necessarily the underlying mechanics). An obfuscator might work by encrypting strings, hiding the flow of information, or hiding the names of variables. The reason for string encryption is probably fairly obvious. Even if you don't hard-code passwords or other sensitive data into an application, some strings can still be dangerous because they give intruders ideas about the location of sensitive information. If the strings are encrypted, your exposure to attack is limited. (Encryption introduces some performance overhead, just as encrypting a file makes it slower to open.) Obscuring the flow of information might be important to protect your ideas. If your code attacks a problem in a creative way, then you don't want someone to look at the code and steal your solution. To prevent code theft, an obfuscator uses statements to change the path of the code without changing the result. In other words, rather than following the straightforward path you gave it, the obfuscated code takes the scenic route. Someone can figure out the route, but obfuscation complicates the tasks and will likely deter intruders. Finally, hiding the names of variables also helps to obscure what your code is doing. Coding is like telling a story: You name the characters, then the characters do what they're going to do. You usually give objects names that represent their tasks--such as calling a user account oUser. This tactic simplifies storytelling but also makes figuring out the code’s task easier for anyone maintaining the code or trying to crack the code. Obscuring variable and property names by changing them to meaningless letters makes discovering the code's task much harder. According to representatives of PreEmptive Solutions, which makes Dotfuscator, the .NET obfuscator, you can give the same alias to multiple variables. Figuring out what code is doing would be hard if every variable and object method is called "a." An obfuscator doesn't change the source but rather the intermediate code used for JIT compiling. An obfuscator doesn't make reverse-engineering code impossible, just more difficult. Microsoft recommends that obfuscation should be the final step in creating any .NET code.

==== 3. Announcements ==== (from Windows & .NET Magazine and its partners)

Cast Your Vote in Our Annual Readers' Choice Awards! Which companies and products are the best on the market? Tell us by nominating your favorites in the annual Windows & .NET Magazine Readers' Choice Awards survey. Click here! http://www.winnetmag.com/readerschoice

Get Exclusive VIP Web Site Access! The Windows & .NET Magazine VIP Site is a subscription-based online technical resource that's chock-full of problem-solving articles from all our publications. For a limited time, you can access this banner-free site at which you'll find exclusive content usually reserved for VIP Site members only. Only VIP subscribers can access this site after June 13, so check it out today! http://vip.winnetmag.com

==== 4. Events ==== (brought to you by Windows & .NET Magazine)

Security 2003 Road Show Join Mark Minasi and Paul Thurrott as they deliver sound security advice at our popular Security 2003 Road Show event. http://www.winnetmag.com/roadshows/security2003

==== 5. New and Improved ==== by Carolyn Mader, products@winnetmag.com

.NET Development Tools ComponentOne released ComponentOne Studio for .NET, a tool suite for Visual Studio .NET 2003 developers that includes grid control and charting and reporting tools that integrate with the Windows .NET Framework. Contact ComponentOne for pricing at 412-681-4343 or 800-858-2739. http://www.componentone.com Submit Top Product Ideas Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to whatshot@winnetmag.com.

==== Sponsored Links ====

FaxBack Integrate FAX into Exchange/Outlook (Whitepaper, ROI, Trial) http://www.faxback.com/w2ksponsorlink

=========

==== 6. Contact Us ====

About the newsletter -- letters@winnetmag.com About technical questions -- http://www.winnetmag.com/forums About product news -- products@winnetmag.com About your subscription -- winnetmagupdate@winnetmag.com About sponsoring UPDATE--emedia_opps@winnetmag.com

=============== This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today. http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Manage Your Account You are subscribed as #EmailAddr#. Manage your email newsletter account on our Web site. Simply log on to change your email address, update your profile information, and subscribe or unsubscribe to any of our email newsletters. http://list.winnetmag.com/cgi-bin3/flo?y=eNee0CFYDW0CBo0rvS0Al

Copyright 2003, Penton Media, Inc.