Recent Articles

Never Leave Source Code on the Server

Lately, I've been building compiled modules for DotNetNuke. In contrast, the default way of building DNN module is to include source code on the server.

I'm not a big fan when it comes to deploying source code on the Web server especially with the new Web Site projects that comes with VS.NET 2005. If your server got hacked before, you'll understand why source code on the server is a very bad idea. Of course, if you're running PHP, Perl, or classic ASP, you're out of luck and hope you have a good firewall and intrusion system on your network.

The Unit Converter module I built is an example of a compiled module that doesn't leave any trace of code on the server. Of course, if you can get hold of the assembly, there's always ways to reverse-engineer .NET library. I didn't spend the extra effort to obfuscate it since there was nothing important about this code. I'll even share the little bit of intellectual property with you at the end of the article on how I managed the possible combinations of conversion from one unit to another in a practical way.

Most people keep their database connection strings in plain text on the server along with their source code. A seasoned hacker who compromised your system can easily take control of your database and steal any sensitive information. You also lose the intellectual property contained in the source code.

Unfortunately, starting VS.NET 2005, in an effort to lure script programmers (ASP, PHP, Perl, Ruby, etc), Microsoft introduced Web Site projects and App_Code deployment essentially encouraging developers to deploy source code on the server and have it dynamically compiled. This new model opens up another bad programming practice, which is allowing developers to edit-in-place code on the production machine.

Under pressure from enterprise clients, Microsoft did eventually release SP1 for VS.NET 2005 restoring Web Application projects allowing web sites to be compiled and deploy only DLLs and .ASPX to the server. Still, many developers have taken root with Web Site project and fallen into the bad habit of leaving source code on the server.

If you're running Web Site project and currently deploying source code to server, I strongly recommend that you convert your project back to Web Application project and deploy only the assemblies to the server.

Coming back, if you're still interested to learn how I managed the various unit conversions, please read on. First of all, we make sure to convert within the same group of measurement (mass with mass, power with power, etc.). Every conversion is made up of the linear mathematical relation

Standard = A * Value + B

Then, the next thing we need to do is take the value and convert it into a standard unit (let's say kilogram for mass is our standard). Now from the standard, we convert to the desired unit using the reverse relation:

Value = (Standard - B)/A

So at all times, I only need to keep track of how to convert a given unit to its standard form. For example, I only need to know how to convert Pounds to Kilogram, Ton to Kilogram, Milligram to Kilogram and with that information, I know enough to convert from Ton to Pound, Pound to Milligram and so on... Fantastic !