Chris Gray - Building your own home server


Chris Gray, a developer in the Windows Server team (yes, we've seen Chris before in the Windows CE videos), shows how to use managed code running on a Windows Mobile device to upload photos from a Pocket PC to a home server. The demo shows the back-end 'server' code and the code running on the device.

Follow the Discussion

  • Paul D. Murphy The Anti-Beer
    Speaking of home servers, at TechEd 2001 I had breakfast with a lady named Susan Warren (does anyone know where Susan went?) and we got into a discussion about where Windows might go moving forward.

    I suggested that the home needed a proper server. Is there any talk up in Redmond about delivering a SKU for something like this? Resource sharing, shared storage, access control, etc... are all very compelling problems for the home moving forward into the 21st century.

    Any ideas?
  • Minh WOOH!  WOOH!
    Susan joined up with Vertigo Software.

    See the details here:
    http://weblogs.asp.net/swarren/archive/2003/11/06.aspx

  • Paul D. Murphy The Anti-Beer
    Minh wrote:
    Susan joined up with Vertigo Software.

    See the details here:
    http://weblogs.asp.net/swarren/archive/2003/11/06.aspx



    I thought she had since moved on. I suppose I'll try to ping her there, though I had forgotten about that. Thanks.
  • Minh WOOH!  WOOH!
    She could have. I haven't kept up much since I left Vertigo.
  • rhm
    For a description of a slightly more ambitious home-server project see.

    Note, the guy in the story is using Linux. As far as I'm concerned the only advantage Linux has here is that it's free/no-cost (unsupported). I think that could all be done even easier on a windows box.
  • Funny end Smiley.

    Cool demo though. I never wrote a webservice, cool to see how it's done with an easy example!
    Is IIS able to run on XP home?
  • WhiskyFudge Whisky Fudge
    mixelz wrote:
    Funny end Smiley.
    Is IIS able to run on XP home?

    No, (well not a supported way). It would be nice if there was a way to get IIS6 running on an XP Pro machine as well.
  • Yeah, ONLY 256Mb Ram and ONLY a 2Ghz machine... Is THAT all...

    I do a heck of a lot more on a 500Mhz/128Mb RAM thin-client 'server'...

    Also, you are going to get sued by www.myhost.com and that setup is very insecure, if someone attacks the terminal server (And they will) then they can gain access to your entire wireless network. Also, using administrator ... wow...  

    You can check your DNS with a simple 10 program that connects to the HTTP server, gets a header and disconnects. I have one in my startup group, written in VBA.

    Your web-service is easy to 'hammer', so cracking that password would allow you to inject an image of your own and also to inject HTML via the filename of the image. Also, and more importantly, you're not checking the file-extension of the file that is being uploaded... If the server is configured badly then this could allow ASP.net code injection and thus binary file execution on the server.

    You would have been better to strip the last 4 chars from the filename (.jpg) and then re-add them as a constant. Also, does MapPath check for ..\ in the filename? If not, then you could do

    Server.MapPath("pics\\" + "..\\..\\..\\..\\..\\..\\..\\..\\Windows\\Myfile.exe");


    I'm going to pretend I didn't see that GOTO jump in your code.
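
The file-name handling suggested in the comment above, written out as an added example; it is not the code from the video or from any commenter. The class and method names, the 64-character limit and the sample names are assumptions, and the path containment check is done explicitly instead of relying on `MapPath`.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;

// Added example; UploadPaths, ResolveUploadPath and the sample names are hypothetical.
public static class UploadPaths
{
    // Letters, digits, '-' and '_' only: no separators, dots or HTML metacharacters,
    // so the stored name is also safe to echo into a page.
    private static readonly Regex SafeStem = new Regex(@"\A[A-Za-z0-9_-]{1,64}\z");

    public static string ResolveUploadPath(string picsRoot, string clientFileName)
    {
        if (string.IsNullOrEmpty(clientFileName))
            throw new ArgumentException("empty file name");

        // Discard any directory part the client sent ('\' and '/' both count).
        string leaf = clientFileName.Substring(
            clientFileName.LastIndexOfAny(new[] { '\\', '/' }) + 1);

        // Strip whatever extension the client chose; ".jpg" is re-added as a constant.
        int dot = leaf.LastIndexOf('.');
        string stem = dot >= 0 ? leaf.Substring(0, dot) : leaf;
        if (!SafeStem.IsMatch(stem))
            throw new ArgumentException("file name rejected");

        // Defence in depth: canonicalise and confirm the result is still under the root.
        // The case-insensitive compare assumes a Windows file system.
        string root = Path.GetFullPath(picsRoot).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, stem + ".jpg"));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("path escapes upload directory");
        return full;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "pics");
        // Constructed sample names, including a traversal string like the one in the comment.
        string[] names = { "beach.jpg", @"..\..\..\Windows\Myfile.exe", "shell.aspx", "<b>x</b>.jpg" };
        foreach (string name in names)
        {
            try { Console.WriteLine(name + " -> " + ResolveUploadPath(root, name)); }
            catch (ArgumentException e) { Console.WriteLine(name + " -> " + e.Message); }
        }
    }
}
```

With this handling the traversal string and `shell.aspx` are both stored as `.jpg` files inside the upload directory, and the name containing markup is rejected.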
  • I like those avatars of Paul D. Murphy and rhm A LOT Smiley)
  • Manip,

    I don't think he's trying to win the coding award of the year. He repeatedly says how insecure the setup is and how you SHOULDN'T use his code in a production environment. He was just trying to show how easy it is to create a basic moblog in .NET. Picky, picky, picky.
  • I am saying you shouldn't use that code in ANY environment. And as a lot of 'noobies' will take example code, mess with it and use it as their own, these people will end up releasing very insecure systems.
  • Analise Main
    I know that this isn't the right place, but could someone direct me to instructions on how to set up a Windows XP machine behind a NAT to accept remote connections? I mean what is necessary to configure in the router.

    Thanks,
    Paulo
  • Paul D. Murphy The Anti-Beer
    Manip wrote:
    I am saying you shouldn't use that code in ANY environment. And as a lot of 'noobies' will take example code, mess with it and use it as their own, these people will end up releasing very insecure systems.


    I agree 100%.
  • figuerres ???
    Analise wrote:
    I know that this isn't the right place, but could someone direct me to instructions on how to set up a Windows XP machine behind a NAT to accept remote connections? I mean what is necessary to configure in the router.

    Thanks,
    Paulo


    You find out what ports you want to connect to and let the NAT forward them.

    most D-Link / Linksys type boxes have a web gui that will ask you what ports to open and what inside ip to hand them over to.

    some services require you also map other settings.

    say for example ftp is port 21 so ip 1.2.3.4 port 21
    goes to ip 192.168.0.101 port 21

    I'd rather *NOT* map an XP box .... I'd rather use a 2003 server with a lot of stuff blocked!
  • John Melville-- MD Equality Through Technology
    Manip wrote:
    I am saying you shouldn't use that code in ANY environment. And as a lot of 'noobies' will take example code, mess with it and use it as their own, these people will end up releasing very insecure systems.


    I disagree.

    There is a real need for concise examples that illustrate only ONE aspect of a system.  They're not made to be modified and run, they're made to be read and understood.  If you mess them up with a lot of unrelated security code, they are more robust as programs, which they were never intended to be, and less valuable education, which is the purpose for which they were written.

    The only way to not be a 'noobie' (a term I detest) is to become educated.  Thus Manip argues that inexperienced programmers are too stupid to be trusted with the very examples by which they might become educated.  (I trust that even Manip must have once been a 'noobie.'  I know I was.)

    This example is a clear illustration of a simple solution using a mobile client and a server.  It is clearly and repeatedly labeled as insecure.  An inexperienced programmer who uses this in a production environment can blame only his or her failure to read, not inexperience.

    I can see that some programmers might benefit from more involved examples of complete systems.  I have generally found them too complex to be of much educational value for me.  I think simple examples are helpful for some of us; please don't eliminate them just because they might be misused.
  • mikehall Mike
    I really like *simple* demos, the Bluetooth video I recorded with Anil Dhawan was like 20 lines of code on the device side, and about the same on the PC side - it's a simple demo, that shows how to do something - once you get the concept you can 'extend and embrace'... We've all been new to coding with a new language, another application development framework, or a set of tools at some point, heck, I didn't start playing with managed code until a couple of years ago, what was the first application... "Hello World" or something similar...

    - Mike
  • Manip, you're exactly right that this demonstration is insecure - please let me stress *that it's not to be used in a production environment*. I hoped to convey this message a bit more clearly in the demo; thanks for bringing it to my attention. I'd hate for someone to get hacked because they had the wrong assumptions about this code!  My goal in making this video was to share my excitement for integrating Windows Server with Windows CE by highlighting only one aspect of the system (managed web services).

    Please let me stress to anyone viewing this demo,  before placing any service on the Internet make sure you've configured your server securely and that your code is reviewed wherever appropriate.  Please follow the Microsoft guidelines for creating secure code.

    Thanks!
    -Chris

  • In the video you said the code example would be posted somewhere?
