My first thoughts on Dojo

There is a little-known (to me) JavaScript library out there called Dojo that I dove into this week. Basically it is a massive open source JavaScript library focused on UI and AJAX. Visiting their website (very nicely done, btw) and checking out some of the examples, I was pretty impressed with what could be done pretty easily. My goal during the whole process was to build a drag-and-drop + resizable widget, which is useful for some projects I’m working on. After a few days of tinkering I have learned a lot and see the advantages of Dojo. It can be painfully simple to do common tasks using Dojo, although you need to get your hands a bit dirty if you need additional functionality out of a widget. I was unsuccessful in getting my widget working without modifying the resizable widget’s source. I guess I’ve made a new widget altogether now.

To date my main criticism of Dojo is the documentation. I’m not going to go so far as to say there isn’t any, but it is really lacking for someone who wants to do more than just the simple examples they have shown. The Book of Dojo is a nice broad rundown of things, while the most useful part of it is the examples you get when you download the scripts. On the Dojo website they mention a few books out now, so I may jump on that.

It is also worth noting I have been trying to get this same functionality out of Microsoft’s ASP.net Ajax with minimal success. I have found using a .net update panel combined with the ASP.net ajax controls can be a significant headache if you want to extend the basic features even minimally. One would assume the onResize event invoked by a resize control would be able to trigger an update panel. Think again.


Microsoft IIS blamed for mass SQL injection attacks

So in the past week Slashdot has made two posts about this, as have many other sites. Apparently there is a bot running the net attempting SQL injection on a specific brand of sites. Nothing to write home about, correct? This one is nothing particularly special in that if your ASP page is open to SQL injection and you run MSSQL server, you are open to the bot. The bot floods the database with a specific JavaScript include which runs malicious code when it is pulled from the database.

What is particularly annoying with all of this is that bad coding practices are the root cause for all of this. You have sites like Slashdot blatantly spinning the issue around on Microsoft. Sorry, I have criticisms of MS just like everybody else, but this is flat-out preventable by sanitizing your queries. Instead of writing a sensationalist post spouting big 6-digit numbers and throwing around the word vulnerability, how about trying to understand the problem? When I first saw this article, being a webmaster, I naturally wanted to find out what the REAL issue was instead of wading through a page of spin.

If you want the REAL story on what this is all about, read this well-written explanation of the problem.
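
An added example, not part of the original post: the coding practice the post blames, a query built by string concatenation, next to its parameterized form, plus a check for rows that already carry a script include. It assumes Python with SQLite standing in for the ASP/MSSQL stack; the table, function names and sample values are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed sample table; SQLite stands in for the MSSQL back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("Dojo notes",), ("IIS notes",)])
    return db

def find_unsafe(db, title):
    # Vulnerable pattern: request input is pasted into the SQL text, so a quote
    # in the input closes the string literal and the rest is parsed as SQL.
    sql = "SELECT id FROM articles WHERE title = '" + title + "' ORDER BY id"
    return [r[0] for r in db.execute(sql)]

def find_safe(db, title):
    # Parameterized query: the input is bound as data and never parsed as SQL.
    sql = "SELECT id FROM articles WHERE title = ? ORDER BY id"
    return [r[0] for r in db.execute(sql, (title,))]

# Matches a script include of the kind the post says ends up in the database.
SCRIPT_INCLUDE = re.compile(r"<script\b[^>]*\bsrc\s*=", re.IGNORECASE)

def rows_with_script_include(db):
    # Cleanup check: ids of rows whose text now carries a script include.
    rows = db.execute("SELECT id, title FROM articles ORDER BY id").fetchall()
    return [row_id for row_id, title in rows if SCRIPT_INCLUDE.search(title or "")]

if __name__ == "__main__":
    db = make_db()
    hostile = "nope' OR '1'='1"          # constructed input containing a quote
    print(find_unsafe(db, hostile))      # the WHERE clause no longer filters
    print(find_safe(db, hostile))        # no row has that literal title
    # Constructed tampered row; the host name is a placeholder.
    db.execute("UPDATE articles SET title = title || ? WHERE id = 2",
               ('<script src="http://example.invalid/x.js"></script>',))
    print(rows_with_script_include(db))
```

The same bound-parameter approach is available in ADO and ADO.NET for ASP pages talking to MSSQL; the scan is only a triage aid for finding rows to clean after the query code is fixed.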
