I was recently asked by a very technical and very sharp friend of mine about the symantics of permissions on copy.
I figured if he needed some guidance on how this works then there must be a ton of other developers who could use a refresher so here goes:
There are alot of reasons that a developer or QA engineer must use copy or move to get their applications running for test or even for production. The problem is that the same old processes that worked so many times before can often mask a misconception or two that arise as “bugs” when the moons do not align to make the old process function as expected. Case in point. You want to deploy a web application which has notoriously particular permissions requirements. If copy has always worked in the past, but on the new server you are getting strange permissions then you might be forgetting some of the rules.
The first thing to take into account is whether this is this a move within the same volume (nothing fancy) or a move across volumes (maybe obscured by DFS) or even just a plain old copy (often the case).
A move within volumes would mean you should have the permissions preserved. A move across volumes is actually a copy and a delete combined and means you are just getting the permissions of the target folder which is by design and this is also the behavior of a copy unless you use something like scopy which preserves permissions.
If a copy in the past has preserved permissions and you didn’t use scopy (very handy by the way) then either there is a setting in Windows that I am unaware of (please enlighten me) or you got lucky in the past and the target folder permissions were what you expected.
Usually file permissions and especially the semantics of permissions on copy vs. move are the domain of network types. In many cases it helps alot to be a mongrel from both worlds.
Category Archives: Development
Community Credit
Like the Code Camps another good idea is coming out of the Microsoft Developer Evangelists. This time it is a web site with an interesting concept. If you go to http://www.community-credit.com/DevCommunity.aspx you will see it in action and also be able to see the people who are working hard to build their technical communities. Think of it as an ongoing public resume where people who contribute to the community get credit for their efforts.
I think this is a good step in building a nice feedback system so the dev community keeps going.
Check it out.
Ted Neward has a new site
Ted Neward just launched his new site at http://www.tedneward.com. Check it out, Ted is one of the most interesting and intelligent people I know. If you ever need to cross the .Net platform with Java then he is the guy to take a lesson from.
More on the ClickOnce security question
Microsoft has chimed in on the questions about ClickOnce security raised by Dominick Baier and basically is asserting that this is a non-issue.
I am not buying. I think that using the excuse that older technologies do something a certain way undermines the principle of secure by default.
What do you think?
Must See TV
If you are at all into security or even if you just think technology is cool then you have to watch the latest episode of the The Code Room. In this latest episode you will see our own Duane Laflotte, our resident top hacker as part of the team of evil doers that hack a casino in vegas.
I think it is really well done and makes some good fundamental points about security in a very entertaining way.
When you need a Custom Membership provider
When I was in Cairo for the MDC a few weeks ago, I gave several talks that touched on the new membership controls in ASP.Net 2.0. One question that came up repeatedly was how far can you stretch the provider before you have to write a custom membership provider. The answer turns out to be not very far. The provided membership providers are very good and very extensive, but they are also fairly rigid in their implementations.
I think I have the 3 criteria that will force you to realize that you need to bite the bullet and write your own membership provider:
- If you need to access your own schema that is different (in any way) from the schema provided. Running Aspnet_regsql.exe creates a database and if you need to edit that schema then you cannot live without a custom provider except if you are adding tables for your own use, but bear in mind that the provider will just ignore your additions.
- If you need to access data in someplace that is not supported. Even if you want the same schema as the default providers support, you cannot use a proprietary database for that data and expect the providers to just work. The XML provider is the most common example (though not very real world), but you could think of many scenarios including SQL 7.0 where a custom provider would be in order
- If you need / want to insert some abstraction between the provider and the data. Stefan Schackow of Microsoft had a great session at PDC 2005 in which he demonstrated creating a provider that allowed for the situation where your web servers were not in direct contact with the database server. To solve that problem he wrote a provider that took a web service endpoint as its connection string.
So as you can see you are quite likely to find yourself having to write your own provider. The good news is that it really isn’t that hard to do once you have done it once or twice 
.Net 2.0 ClickOnce Security Concerns
Dominick Baier of DevelopMentor, wrote on Saturday about a pretty dramatic change in the way ClickOnce security is configured by default in the RTM version of .Net 2.0.
This is a must read if you plan to use ClickOnce and haven’t already revamped the default security settings. If you don’t like the ramifications that not being able to disable ClickOnce brings then rather than avoiding the .Net 2.0 offering you might consider the lesser step of just removing the .application mapping from your systems.
I am hopeful that Microsoft will come up with a fix in a service pack to .Net 2.0 as they did in the original .Net 1.1 that will address this default.
Languages with purpose
A number of the Microsoft Regional Directors and I have been posting back and forth all day about the C# vs. VB.Net issue, but not in the way that contentious bone usually plays out.
Rocky Lhotka not only started the thread, but he also was the first to bring it into public space with his post and quote from one my my analogies.
The point I would like MS to get is that while C# and VB.Net are very useful and powerful each in their own right, they work to cross purposes. The biggest problem is that in spite of vastly different syntax and heritages there is a little difference between them to the effect that you can’t walk into a development shop and say “you will save 30% of your time coding in C# because your projects are mostly X type”. That is the type of distinctive purpose I want and that is what my customers by and large want. A decision point, a clear guideline, a stated objective.
At the moment I think both language are trying to do the same thing but for people with different prejudices vaguely based on their backgrounds. While choice is generally good it can be bad when it leads to paralysis. Jim Allchin once said that having brought NT to market, if he had it to do over again he would remove every single user configurable setting as they were the source of all the heartache.
The analogy that comes to mind for this situation (and the one borrowed by Rocky) is that as a commander in combat I know when to use a Tank (plodding and durable lethality) and I know when to use a A-10 (fast, manueverable and vulnerable lethality), but if you make tanks fly and add a few feet of armor on an A-10 then you get the same muddy water we have between C# and VB.Net. Those that know me will forgive the military analogy
New Cannot Miss Tech Show Premieres
Carl Franklin has done it again by teaming up with Scott Hanselman to bring us the podcast called HanselMinutes. HanselMinutes is a deep technology podcast that I find very compelling as well as informative. The combination of personalities (both of whom I am very happy to know well) is just easy to listen to. I learned more than I expected in just the first show.
I often listen to Carl’s other shows including .Net Rocks, but I will be adding this to my Outlook schedule as new editions come out.
Fast Tips for VS 2005
About a month ago I signed up for a newsletter called FastTips by Microsoft. My old friend, Thom Robbins had a big hand in creating this and actually has done many of the demos I have watched (very well I might add). I often get asked where people should go to get up to speed faster and I can’t think of a better way to push learning then a push based technology like this newsletter. You can subscribe to FastTips here.
You can’t know everything, but if you don’t work at it you will soon find that you don’t know enough.