.Text User Administration

.Text Comments

.Text is a great product. However, currently there'sย no comfortable way to administrate the users, but you have to edit and execute a SQL script. I don't know how Scott can manage all these 259 blogs at weblogs @ asp.net.

Since I am going to set-up an internalย .Text installation in my company with about 20 bloggers (hopefully), I was thinking about an easier way. I don't want to see 20 work-mates standing in front of me to set-up their blog...

Therefore, I've started to implement an on-line user administration. Here's what it currently looks like:

.Text User Administration

It just creates and updates users in the database. Some more things have to be done: For non-virtual set-ups it has to create the appropriate folder and the dummy default.txt file in it, but that's not implemented yet. Additionally, in the user database (i.e. blog\_Config) a flag has to be added for each user, whether he is allowed to administrate the users.

I would like to know, if anyone else (esp. Scott) is interested in that? Any comments are welcome.

DLL Search Order Changed in Latest Windows

Development Comments

I found the following breaking change in the MSDN article "Development Impacts of Security Changes in Windows Server 2003" by Michael Howard:

DLL Search Order Has Changed

No longer is the current directory searched first when loading DLLs! This change was also made in Windows XP SP1. The default behavior now is to look in all the system locations first, then the current directory, and finally any user-defined paths. This will have an impact on your code if you install a DLL in the application's directory because Windows Server 2003 no longer loads the 'local' DLL if a DLL of the same name is in the system directory. A common example is if an application won't run with a specific version of a DLL, an older version is installed that does work in the application directory. This scenario will fail in Windows Server 2003.

The reason this change was made was to mitigate some kinds of trojaning attacks. An attacker may be able to sneak a bad DLL into your application directory or a directory that has files associated with your application. The DLL search order change removes this attack vector.

The SetDllDirectory function, also available in Windows XP SP1, modifies the search path used to locate DLLs for the application and affects all subsequent calls to the LoadLibrary and LoadLibraryEx functions by the application.

via Paul Wilson.

Windows caches file dates

Development Comments

There's has been an informative discussion in CodeProject's Lounge regarding cached file dates.

Here some quotes from MSDN:

File Times A file time is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since 12:00 A.M. January 1, 1601 (UTC). The system records file times whenever applications create, access, and write to files. Not all file systems can record creation and last access time and not all file systems record them in the same manner. For example, on NT FAT, create time has a resolution of 10 milliseconds, write time has a resolution of 2 seconds, and access time has a resolution of 1 day (really, the access date). On NTFS, access time has a resolution of 1 hour.

and in the documentation of CreateFile:

Windows NT/2000: If you rename or delete a file, then restore it shortly thereafter, Windows NT searches the cache for file information to restore. Cached information includes its short/long name pair and creation time.