28 March 2007

Keeping your data secure online

There is a growing trend among Web 2.0 sites of asking you to enter your username and password for some other site in order to perform an action. Two recent examples I've come across are Technorati, which asks for your Blogger username and password in order to verify you own a particular blog, and Facebook, which asks for your e-mail account username and password in order to match your contact list against existing Facebook members.

As an IT professional I'm naturally skeptical of any such demand, and in the case of Technorati I chose to verify my blog ownership in a different way. Terms and Conditions and Data Protection declarations are one thing, but you have no guarantee your details won't be stored in a database, and if they are, there's all the more chance they may at some point fall into the wrong hands. The only way to be sure is not to type them in in the first place.

A Blogger user account is one thing but Facebook asks for something totally different. I wonder how many people actually consider what data is stored in their e-mail inbox before they submit their details with the promise of being shown how many of their friends are already signed up.

When you sign up to the majority of sites you're e-mailed a confirmation containing all your details, including things like home and work addresses, phone numbers, date of birth, passwords and, perhaps most crucial of all, answers to secret questions, e.g. mother's maiden name. If some unscrupulous person gets hold of your e-mail account password, it will likely take them little effort to steal your identity, empty your bank accounts and max out your credit cards.

This article from the BBC, "Many net users 'not safety-aware'", serves to reaffirm the point that a large number of net users simply do not think before typing their sensitive information into random websites.

12 March 2007

Reference type keys and .NET dictionaries

The default implementation of the Equals method for reference types is to call ReferenceEquals, i.e. to test whether two variables reference the same instance of an object.

When using a ListDictionary, the Equals method is used, so you can be sure you will be accessing the correct item. However, if you use a HybridDictionary, which will swap to a Hashtable for collections of more than 10 items, you can get inconsistent results. This is all down to the fact that the Hashtable uses the GetHashCode method to get a code which represents an object, and this is then used as the key. As you will read here, the GetHashCode method does not always return a unique code for dissimilar objects, so you can end up accessing the wrong item of your dictionary.

To get around this you can either stick to using the ListDictionary or implement your own IHashCodeProvider for the classes used as keys in your dictionary.
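One way the difference between the two backing stores shows up, as an added example that is not code from the original post: the same lookup succeeds while the HybridDictionary is still a list and fails once it has switched to a Hashtable. It assumes a hypothetical key class, `BlogKey`, that overrides Equals but leaves GetHashCode at its per-instance default; the class name and sample values are constructed for illustration.

```csharp
using System;
using System.Collections.Specialized;

// Hypothetical key type (not from the original post): value equality via
// Equals, but GetHashCode left at the per-instance default.
#pragma warning disable CS0659 // deliberate: Equals overridden without GetHashCode
sealed class BlogKey
{
    public readonly string Name;
    public BlogKey(string name) { Name = name; }

    public override bool Equals(object obj) =>
        obj is BlogKey other && other.Name == Name;
}
#pragma warning restore CS0659

static class Program
{
    // Looks up "blog0" through a fresh instance that is equal by value
    // to the stored key but is not the same object.
    static bool CanFind(HybridDictionary d) => d.Contains(new BlogKey("blog0"));

    static void Main()
    {
        var d = new HybridDictionary();
        d.Add(new BlogKey("blog0"), "first entry");

        // Small collection: backed by a ListDictionary, which scans the
        // entries and compares keys with Equals.
        Console.WriteLine("1 item:   found = " + CanFind(d));

        // Grow well past the switch-over point so a Hashtable is in use.
        for (int i = 1; i < 20; i++)
            d.Add(new BlogKey("blog" + i), "entry " + i);

        // The Hashtable hashes the lookup key first. The default hash of a
        // new instance almost never matches the stored key's hash, so the
        // matching entry is not located and Equals is never consulted.
        Console.WriteLine("20 items: found = " + CanFind(d));
    }
}
```

The behaviour changes purely because the collection grew, which is why this kind of bug tends to pass small tests and surface only with larger data sets.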