Jeremy Davis
Sitecore, C# and web development
One of the big things in IT security in recent times has been the successful attacks black-hats have launched against the infrastructure of cryptography. As we all come to rely on encrypted communications more and more, the vulnerabilities in old ciphers have become more of a problem to us developers and administrators. Vulnerabilities like Drown and Poodle are just two examples of a trend which means we all now have to worry about how our crypto is configured before we allow the internet to see a server.
But whenever you tie down security more tightly you risk causing problems when software relies on the thing you've just disabled...
I spent some time recently investigating why certain aspects of the Coveo for Sitecore search framework were broken on a client's server, and the answer ended up being directly related to crypto security. Here's what happened:
I've been using the built-in code snippets in Visual Studio for years, but for some reason until last week it had never crossed my mind to work out how to create my own. After getting bored writing the same chunk of code too often, I was reminded of the old saying "You should automate any task you have to do more than once". So I decided to have a go at some snippets. Turns out it's both a useful trick to know, and not hard to do:
