How .NET Handles Standards Compliance that Result in Breaking Changes

Posted by Jonathan Allen on Feb 16, 2007


Two security classes in .NET, HMACSHA512 and HMACSHA384, have a bug. It isn't an earth-shattering bug, but it does produce results that are inconsistent with the standard. The .NET Security team shows how this will be handled so that current applications won't break when the code gets fixed.

The HMACSHA512 and HMACSHA384 classes produce "results which are not consistent with other implementations of HMAC-SHA-512 and HMAC-SHA-384". This will be addressed in a future service pack, at which time all the programs relying on the old behavior will break.

The first step in addressing this is to add a property called "ProduceLegacyHmacValues". This will allow new programs to explicitly use the old behavior.

In order to support pre-existing programs that happen to be using the new version, a configuration value has been created. The key, legacyHMACMode, can be set in the application's configuration file or at the machine.config level.

Since not everyone is going to hear about this fix before it is too late, warning messages will be placed in the event log and when debuggers are attached to programs that use these classes. Once the change has been handled, the warning message can be disabled using the legacyHMACWarning configuration key.
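To make the inconsistency concrete, here is an added Python example (not code from the article or from Microsoft) that computes HMAC-SHA-384/512 with an explicit block size and classifies a stored tag as standard or legacy-style, which is the check you need when migrating data signed before the fix. It assumes the legacy behaviour can be modelled as a 64-byte block size instead of the 128 bytes SHA-384 and SHA-512 use; the article does not state the cause, and the names `hmac_with_block`, `classify` and `LEGACY_BLOCK` are hypothetical.

```python
import hashlib
import hmac

STANDARD_BLOCK = 128  # SHA-384 and SHA-512 block size in bytes
LEGACY_BLOCK = 64     # assumption: block size used by the buggy classes


def hmac_with_block(hash_name: str, key: bytes, msg: bytes, block_size: int) -> bytes:
    """HMAC as defined in RFC 2104, with the block size passed in explicitly."""
    if len(key) > block_size:
        # Keys longer than one block are replaced by their hash.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def classify(hash_name: str, key: bytes, msg: bytes, tag: bytes) -> str:
    """Report whether a stored tag is 'standard', 'legacy' or 'invalid'."""
    standard = hmac_with_block(hash_name, key, msg, STANDARD_BLOCK)
    if hmac.compare_digest(tag, standard):
        return "standard"
    legacy = hmac_with_block(hash_name, key, msg, LEGACY_BLOCK)
    if hmac.compare_digest(tag, legacy):
        return "legacy"
    return "invalid"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the article.
    key = b"constructed-sample-key"
    msg = b"constructed sample message"
    for name in ("sha384", "sha512"):
        std = hmac_with_block(name, key, msg, STANDARD_BLOCK)
        old = hmac_with_block(name, key, msg, LEGACY_BLOCK)
        reference = hmac.new(key, msg, digestmod=name).digest()
        print(name, "standard matches stdlib:", std == reference)
        print(name, "legacy-style tag classified as:", classify(name, key, msg, old))
```

A tag classified as `legacy` was valid under the old behaviour and should be recomputed with the standard algorithm once verified, so that interoperating systems can check it.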

InfoQ Asks, Is Microsoft handling this the right way?

 
