Saturday, March 10, 2012

Two notes on Mixed security warnings

When deploying and testing websites that use secure connections (SSL)  we might get warnings about non secure content on the page. This is usually an easy thing to fix. Just find a tool like "Fiddler" and find out what traffic is going over a regular HTTP (non secure) channel.

Sometimes even a simple FIND over the code will let you find those "unsecured" elements. But that's not enough if you refer some javascript or refer a link over SSL that then does some non-SSL redirection.

 Each browser has a similar way to show you how secure you are on a website. Google Chrome shows website security indicators (icons) that will appear next to your site URL in the toolbar.

The first one (1) is just a regular site with no SSL, and we want number (2) the green one, you should avoid the other ones. Now two notes on that.

Google Ads
Don't use Google Adsense on your website if you use SSL and you care about your site not showing any warning, the ads will be functional, but they cause your site to display the fourth (4) indicator.

And that won't look very professional. It will give the impression that the certificate is not valid or that the user is at risk on your site, even when might be not true, because "you" the developer knows that is just an Ad, the user is not a developer. So avoid this.

Note: even if the ads are only in one page, once the browser hits that page, will show the warning, and even if you navigate away from that one, and go to other pages on the site without ads, it will still show the warning. 

Silverlight "medallion"
There is nothing wrong with Silverlight itself when it comes to security, however, the default code you place on a page when adding a Silverlight element, contains a link to Microsoft that will later redirect a non secure URL. The content on that URL is an image. Is the "Download and Install Silverlight" image.

In this case the warning from the browser is the number three (3), while is not critical, is not good enough. The line causing the problem is this one:

Don't bother changing the source of the image from http to httpS, it won't work. Instead, just download the image and host it yourself with your site.

Now the site won't show any warnings on any browser. Of course the Silverlight medallion will be the one you downloaded and not decided by Microsoft based on the culture. But security goes first...

Tuesday, March 06, 2012

Using WPConnect instead of Zune for Windows Phone development

Sometimes you get so used to do something everyday that you don't appreciate how much time it saves you. So in this entry I want to go back to the basics and comment on something I had been asked many times. I remember the times where we used Active Sync to connect Windows Mobile devices, is was not that hard but it could get tricky some times, depending if the device was connected via USB or Wi-Fi, emulators via  DMA and more. And to be honest, it was not that long ago. Fortunately the new Microsoft Windows Phone 7 series does this in a pretty easy way.

Besides being used to download apps, musics, podcasts or to sync content between the computer and the device. The Zune software is what we can easily use to "hook up" your device with your Visual Studio and deploy apps to your phone.

If you are a registered developer at Microsoft Marketplace just connect your unlocked/activated phone. Run Zune if not setup to auto-start. Then on the Visual Studio just  select to run on the device rather than on the emulator.

And that's it!

The catch...
While you are using Zune you will not be able to debug code related to the MediaLibrary,  that means anything related to open photos from phone albums or photo chooser task, music files, etc. The reason seems obvious since Zune is a synchronization software so it will be using those components. Although that could work better. The solution is to use the WPConnect.exe tool that comes with your Windows Phone SDK.

This executable file is located on your SDK folder. Go to C:\Program Files(x86)\ Microsoft SDKs\Windows Phone\v7.1\Tools\WPConnect\ and there is the program. Select the x64 or x86 folder depending if your are running 32 or 64 bit OS. Then run the WPConnect.exe from that folder. My phone is named "hobbit" see the screenshot below:

Now as a side note, Zune must be closed before running WPConnect.exe but you have to run it first when you plug in your device. So the steps are:
  1. Plug in your device.
  2. Run Zune if is not setup to auto-start.
  3. Unlock your device if it has a PIN number.
  4. Close Zune
  5. Run WPConnect.exe
Think of the steps 1-3 as a "handshake" because you won't need to do it again, and that's what you do every day when using Zune to sync to your phone. If the connection drops and Visual Studio fails to deploy the app, you can just re-run WPConnect.exe and you are good to go.

When connected using WPConnect you can debug your apps even if you make use of the media library on your phone. The only downside so far is that the WP7 is still missing the wireless support for development, which is something that we did have one Active Sync, and we need mainly when  developing apps that use the accelerometer or gyroscope and need to fight with moving/tilting the phone around attached to a 6 foot USB cord.