Code Repurposing and Untrustworthy Data

This is just a generic launching place for four other blog entries, since I seem to send them to people on a regular basis and sending one URL is easier than four.

Code repurposing
· http://weblogs.asp.net/ptorr/archive/2003/10/16/56270.aspx
· http://weblogs.asp.net/ptorr/archive/2003/10/21/56296.aspx

Untrustworthy data
· http://weblogs.asp.net/ptorr/archive/2004/04/12/111342.aspx
· http://weblogs.asp.net/ptorr/archive/2004/04/13/112404.aspx


A useful regfile for VSTO

Here’s a quick post with a regfile you can use to help you test your VSTO projects. Cut and paste the text below into a text file (be careful of line wrapping) and save it with a reg extension. Then open up regedit (as a member of the Administrators group) and select File -> Import……


VBA Take Two: Responding to some comments

The other day, Karl Levinson added a comment to my previous entry about the Outlook OM. He raises some interesting points, so I thought I’d reply here. (Karl, please don’t take any of this personally; I hear the same arguments from people all the time, and it’s something I believe very strongly in —…


Why does Outlook have an OM?

This one could be controversial. In a recent comment, Edd James (note to Edd: that link gives a 403) asks why Outlook and Excel “need this ability to run scripts/macros[?]” First I want to clear up a common misconception about Outlook: Despite what the endless ill-informed posters on Slashdot might claim, no recent version of…


Follow up to “Don’t trust that data”

Eric makes some good points in a comment to my last post. Nevertheless, the forces of evil within me compel me to respond anyway. (You should have blogged it, Eric.) Eric’s main point is that the employee doesn’t need to use formulas in order to fool the expense report system — he can simply…


Don’t trust that data!

A while ago I wrote a couple of blog entries on code repurposing and some mitigations, and one of the main causes of that problem is that developers inherently trust data. The text box caption says Name, so it’s always gonna contain the user’s name, right? Nobody is ever going to put a SQL query…


Balancing Security and Usability

I’m often tempted to write about viruses and what I think the next “innovation” might be, but then I get scared that I might get put in jail (or deported) should any of my ideas ever see the light of day. (Not that I think the virus writers need any help coming up with new…


Andrew Whitechapel’s blog

Laugh-a-minute Andrew Whitechapel has started a blog at http://blogs.officezealot.com/whitechapel/. Andrew (like the other Andrew) hails from the UK, and even though he likes the Pet Shop Boys he promises to try very hard not to mention them. He should, nevertheless, have some great info on managed code, Office, VSTO, etc. from a “real world” perspective….


Don’t use ApplicationClass (unless you have to)

A comment on Mike Howard’s blog exhibits a common problem that I see time and time again: developers are creating instances of Word.ApplicationClass or Excel.ApplicationClass in their projects. Even though it’s the wrong thing to do, I don’t blame them for doing that. I blame IntelliSense. First things first: What’s the right way to do…


Beware of AutoSave and DocumentBeforeSave

One of the cool things about Word is that it auto-saves your work so that if the machine dies or the app crashes you can get most of it back again. One of the other cool things about Word is that you can customise the built-in dialogs — such as the Save As dialog —…