Off to DevTeach Montreal!
I leave tonight for Burlington, Vermont en route to Montreal for DevTeach. Julie Lerman has already detailed my itinerary on her blog, so I won't repeat the details here, other than I plan to hang out back in Burlington for one day and do a long day hike on a section of Vermont's Long Trail. Then back to the grind. It'll be nice to hang out with Julie and Rich, as well as their delightful, slobbery Newfoundlands, Tasha and Daisy.
DevTeach, now in its third year, is one of my favorite conferences. Jean-Rene Roy and his wife and staff do a great job of putting it together and keeping it focused and intimate, a fun experience in the geekiest way. Last year Jean-Rene even got a standing ovation at the closing session. How often do you see that at a conference???
This year I'm doing four sessions, covering a variety of current and upcoming technologies:
Security Through Least Privilege
Least Privilege is one of the first principles of developing secure applications. But what does it mean? How do you do it? Why is it so critical? This session will explore how to develop apps that give the absolute minimum permissions to every user and login and still meet application and user requirement, as well as explore—gasp!—why developing without admin privileges on your development machine leads to much stronger and secure apps. Code access security is a great feature of the Common Language Runtime, but requires that you live the unprivileged lifestyle yourself. Least privilege isn't easy to use or implement, but in this day and age it is the only way you and your users have reasonable confidence in the security of an application. Come learn how to life the partially trusted life.
Store .NET App Data Securely
In the age of Code Access Security and partially trusted applications, where can you store application data? All applications need to save configuration and runtime data somewhere, but common solutions like the registry, databases, and disk files are fraught with security issues. This session explores various options for storage where you may not need special permissions. For example, .NET's isolated storage provides a secure, protected place to store data without the security issues of writing to a disk outside of your Web application and subdirectories. During this session we'll explore how to put these storage options to use in .NET applications while avoiding potential sources of security holes.
Visual Studio 2005's New Security Tools
Visual Studio 2005 includes new security tools that will provide static security defect detection, prevention, and mitigation features for both unmanaged and managed code. More than ever before, your everyday development environment will have the tools you need to build secure applications and, more importantly, verify that they are secure. There are still no guarantees that your apps will be bullet-proof, but at least you can rest easy that they are reasonably free of the most widely exploited security holes. Come learn about these tools and start helping your users rest better at night.
Using the XML Data Type
With XML as a native data type in SQL Server 2005, you are now faced with two query engines and syntaxes, good old SQL and the new kid, XQuery. It can be daunting to create queries that mix the two engines and it can be hazardous to your performance. This session will explore the XML data type and XML-specific T-SQL functions you can use with them, how to mix and match the syntaxes effectively, and how to build common queries that extract and modify data at a minimum of two levels: relational data and embedded XML.
Between that, the fun events, cool conference sessions from some amazing speakers, and getting to see my dear Aunt Marg, it'll be a great few days! If you're in the area, come on by. And there are a couple of user group sessions on Monday night.