I use VBox here.Some of these XP ISO's are really spectacular!But I have run into a problem.In a lot of these sites many files are listed as pulled by the author or removed because of copyright infringements.A little further on I see XP ISO's offered by the Pirate Bay.I personally would not download from them.Is this Internet stalking?They block my download and put their Pirate Bay stuff in the ISO to declare it theirs?This has happened many times and follows the browser search.I currently suspect that in downloading the actual download is very fast but there's someone in there slowing the rest down.With Torrents you get the Torrent file then with a Torrent client program you continue the download.If the program is a one gig download,the file that usually resides in your documents folder reads as the full download.In properties the file is one gig big.This is no more then a few moments after you establish the link.(I think that the Pirate Bay is Italian.)
http://thepiratebay.org/
Discussion on:
View:
Show:
A couple of months ago I attended a user???s group meeting where Marcus Egger w/EPS Software espoused many of the same views you do here. What I did not realize was that with WCF you could pass strongly typed custom data. By removing the XML serialization it becomes truly useful.
I'll admit at this point I am new to WCF, so I'm still learning. I have come across a couple of issues which I know will require further understanding (on my part) before implementing.
One is security. Obviously if you expose your data via a web service of any kind it needs to be secured in some fashion (unless it is public data and exposed read-only). I'm not sure I understand at this point how the application can effectively pass authentication to a WCF service. Does it have to pass it each call, or is there a "single sign on" that can be negotiated. Along with authentication there is the issue of authorization. Should the web service handle the user authorization to specific endpoints, or is that the client's job?
The other quandary is validation. As you mentioned in the article client side validation is a smart thing to do. Better to catch it before the round trip to the server is made. However I would also think the web service, as the gatekeeper to the data, would be required validate the data as well. This would ensure valid data before committing, even if the client did not. Does this now mean I have to duplicate my validation? I suppose this is not entirely a new issue, we have all been told for years to use client side validation, but don't rely on it (user could have scripts disabled), so you end up validation on the service side as well. Am I missing something here?
I'll admit at this point I am new to WCF, so I'm still learning. I have come across a couple of issues which I know will require further understanding (on my part) before implementing.
One is security. Obviously if you expose your data via a web service of any kind it needs to be secured in some fashion (unless it is public data and exposed read-only). I'm not sure I understand at this point how the application can effectively pass authentication to a WCF service. Does it have to pass it each call, or is there a "single sign on" that can be negotiated. Along with authentication there is the issue of authorization. Should the web service handle the user authorization to specific endpoints, or is that the client's job?
The other quandary is validation. As you mentioned in the article client side validation is a smart thing to do. Better to catch it before the round trip to the server is made. However I would also think the web service, as the gatekeeper to the data, would be required validate the data as well. This would ensure valid data before committing, even if the client did not. Does this now mean I have to duplicate my validation? I suppose this is not entirely a new issue, we have all been told for years to use client side validation, but don't rely on it (user could have scripts disabled), so you end up validation on the service side as well. Am I missing something here?
With WCF, authentication happens on every call. It's HTTP after all, so there's no authenticated session to maintain. Authentication is typically done at the IIS level (I suppose you could pass in a username/password as a parameter if you really wanted, and authenticate like that), so if you want granular permissions you use impersonation and access the DB as that user.
Validation... yes, ALWAYS validate server side, even with client side as well. But we've been used to having to do this anyways, so it's really nothing new. There are some better systems out there which automatically take the server-side rules and generate client scripts for it, though.
J.Ja
Validation... yes, ALWAYS validate server side, even with client side as well. But we've been used to having to do this anyways, so it's really nothing new. There are some better systems out there which automatically take the server-side rules and generate client scripts for it, though.
J.Ja
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
