Chris Gray - Building your own home server
- Posted: Feb 21, 2005 at 12:59 PM
- 141,174 Views
- 18 Comments
I suggested that the home needed a proper server. Is there any talk up in Redmond about delivering a SKU for something like this? Resource sharing, shared storage, access control, etc... are all very compelling problems for the home moving forward into the 21st century.
Any ideas?
See the details here:
http://weblogs.asp.net/swarren/archive/2003/11/06.aspx
I thought she had since moved on. I suppose I'll try to ping her there though I had forgotten about that. Thanks.
Note, the guy in the story is using Linux. As far as I'm concerned the only advantage Linux has here is that it's free/no-cost (unsupported). I think that could all be done even easier on a windows box.
Cool demo though. I never wrote a webservice, cool to see how it's done with an easy example!
Is IIS able to run on XP home?
No (well, not in a supported way). It would be nice if there was a way to get IIS6 running on an XP Pro machine as well.
I do a heck of a lot more on a 500Mhz/128Mb RAM thin-client 'server'...
Also, you are going to get sued by www.myhost.com and that setup is very insecure, if someone attacks the terminal server (And they will) then they can gain access to your entire wireless network. Also, using administrator ... wow...
You can check your DNS with a simple 10 program that connects to the HTTP server, gets a header and disconnects. I have one in my startup group, written in VBA.
Your web-service is easy to 'hammer', so cracking that password would allow you to inject an image of your own and also to inject HTML via the filename of the image. Also, and more importantly, you're not checking the file-extension of the file that is being uploaded... If the server is configured badly then this could allow ASP.NET code injection and thus binary file execution on the server.
You would have been better to strip the last 4 chars from the filename (.jpg) and then re-add them as a constant. Also, does MapPath check for ..\ in the filename? If not then you could do
Server.MapPath("pics\\" + "..\\..\\..\\..\\..\\..\\..\\..\\Windows\\Myfile.exe");
I'm going to pretend I didn't see that GOTO jump in your code.
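The filename handling asked for in the comment above, as an added C# example (not the code from the video and not the commenter's own): it discards any directory part of the client-supplied name, re-adds .jpg as a constant, and confirms the resolved path is still inside the upload folder. The names UploadPaths and ResolveUploadPath and the sample root folder are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Text;

// Added illustration; UploadPaths and ResolveUploadPath are hypothetical names.
public static class UploadPaths
{
    // uploadRoot: absolute path of the picture folder, e.g. the result of Server.MapPath("pics").
    // clientName: the filename exactly as the client sent it (untrusted).
    public static string ResolveUploadPath(string uploadRoot, string clientName)
    {
        if (string.IsNullOrEmpty(clientName))
            throw new ArgumentException("empty filename");

        // Drop everything up to the last '/' or '\', so "..\..\Windows\x.exe" becomes "x.exe".
        int cut = clientName.LastIndexOfAny(new[] { '/', '\\' });
        string leaf = clientName.Substring(cut + 1);

        // Discard whatever extension the client supplied; it is never trusted.
        int dot = leaf.LastIndexOf('.');
        string stem = dot >= 0 ? leaf.Substring(0, dot) : leaf;

        // Keep only a conservative character set so the name cannot carry markup into a page.
        var clean = new StringBuilder();
        foreach (char c in stem)
            if (char.IsLetterOrDigit(c) || c == '-' || c == '_') clean.Append(c);
        if (clean.Length == 0)
            throw new ArgumentException("filename has no usable characters");

        // Canonicalise, append the constant extension, then check containment (case-insensitive, as on Windows).
        string root = Path.GetFullPath(uploadRoot);
        string full = Path.GetFullPath(Path.Combine(root, clean.ToString() + ".jpg"));
        string prefix = root.TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        if (!full.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("path escapes the upload folder");
        return full;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "pics"); // constructed sample root
        string[] samples = { "holiday.jpg", @"..\..\..\Windows\Myfile.exe", "shell.aspx", "pic<script>.jpg" }; // constructed inputs
        foreach (string s in samples)
            Console.WriteLine("{0,-32} -> {1}", s, ResolveUploadPath(root, s));
    }
}
```

Every sample resolves to a .jpg directly under the root folder, whatever directory, extension or markup the submitted name carried.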
I don't think he's trying to win the coding award of the year. He repeatedly says how insecure the setup is and how you SHOULDN'T use his code in a production environment. He was just trying to show how easy it is to create a basic moblog in .NET. Picky, picky, picky.
Thanks,
Paulo
I agree 100%.
You find out what ports you want to connect and let the NAT forward them.
Most D-Link / Linksys type boxes have a web GUI that will ask you what ports to open and what inside IP to hand them over to.
Some services require you to also map other settings.
Say, for example, FTP is port 21, so IP 1.2.3.4 port 21
goes to IP 192.168.0.101 port 21.
I'd rather *NOT* map an XP box .... I'd rather use a 2003 server with a lot of stuff blocked!
I disagree.
There is a real need for concise examples that illustrate only ONE aspect of a system. They're not made to be modified and run, they're made to be read and understood. If you mess them up with a lot of unrelated security code, they are more robust as programs, which they were never intended to be, and less valuable education, which is the purpose for which they were written.
The only way to not be a 'nobbie' (a term I detest) is to become educated. Thus manip argues that inexperienced programmers are too stupid to be trusted with the very examples by which they might become educated. (I trust that even manip must have once been a 'nobbie.' I know I was.)
This example is a clear illustration of a simple solution using a mobile client and a server. It is clearly and repeatedly labeled as insecure. An inexperienced programmer who uses this in a production environment can blame only his or her failure to read, not inexperience.
I can see that some programmers might benefit from more involved examples of complete systems. I have generally found them too complex to be of much educational value for me. I think simple examples are helpful for some of us; please don't eliminate them just because they might be misused.
- Mike
Manip, you're exactly right that this demonstration is insecure - please let me stress *that it's not to be used in a production environment*. I hoped to convey this message a bit more clearly in the demo; thanks for bringing it to my attention. I'd hate for someone to get hacked because they had the wrong assumptions about this code! My goal in making this video was to share my excitement for integrating Windows Server with WindowsCE by highlighting only one aspect of the system (managed web services).
Please let me stress to anyone viewing this demo, before placing any service on the Internet make sure you've configured your server securely and that your code is reviewed wherever appropriate. Please follow the Microsoft guidelines for creating secure code.
Thanks!
-Chris