Computer Internet network security News

Advice From Successful Freelancers: Starting and Maintaining A Freelancer Career

For the e-book, Advice from Successful Freelancers: How They Built Their Careers & How You Can Too!, I asked ten questions of freelancers who were living their dream life. Following are some of their answers. They cover successful marketing techniques, how to get clients and more!

1. Why did you start freelancing? Yuwanda Black, Writer, Editor, Small Business Columnist

My sister and I worked at the same company. We were freelancing on the side. Once we realized that we were making more as freelancers than as full-time employees, she quit and started Inkwell Editorial. Once the business was able to support two salaries, I joined her, which was one year later (1997).

2. How long have you been a full-time freelancer? Eileen Coale: Marketing & Corporate Communications Writer

I don’t work full time. On average, I work about 15 hours a week, sometimes a bit more. I work mornings until my youngest gets home from kindergarten, and sometimes I’ll put in evenings and Saturdays as well. Sixty to 70% of my work hours are spent networking and marketing to get assignments. The remainder is spent writing. In another year or two, I expect that ratio to flip.

3. How many years of experience do you have? Marcy L. Brown: Cataloging, Indexing & Information Management

I have five part-time years of indexing, but 10 years of library employment including cataloging, some indexing, and information management.

4. Do you specialize in a certain area, e.g., legal, medical, production? If so, what? Cathy Moore: Writer, Instructional & Marketing Copy

Instructional writing and marketing copy. I write appealing text for any readability level, including kids.

5. What specific marketing tips have you personally tried that worked? Jennifer Lawler: Writer, Editor

I tried a direct mail letter to editors that included the type of editing I could do, a few companies I had worked for, and my business card printed in such a way that it could be popped right onto someone’s rolodex. This letter generated so much business for me that I never had to do another direct mail package.

6. How do you get most of your clients? Katharine O’Moore-Klopf: Editor, Copy Editor, Factchecker

When I first started freelancing, I got them mostly by word of mouth, and some were former employers. Now, I get them mostly by word of mouth and via my Web site.

7. Under what circumstances would you turn down work? Jennifer Dirks: Journalist, Editor, Writer, Speaker

I’ve turned down work if the pay (or potential payoff) won’t compensate me for the work I’d put into it. I also once turned down work from a magazine publisher who in the past has asked for several rewrites without explanation and I was unsure if anything new I did for her would ever please her.

8. Approximately how many hours a week would you estimate you work? Nan Yielding: Copywriter

Anywhere from 50-60. I pretty much work a 9-hour day … weekends included. However, I do allow myself some time off every so often to just ‘play,’ so it averages out.

9. If offered a well-paying, full-time position, would you accept? Please explain why you would accept/refuse. Richard Adin: Desktop Publishing & Copyediting Services

This cannot be answered yes or no; there are too many factors that I would have to consider. “Well-paying” is important but also important, perhaps more so, are matters of responsibility and challenge.

10. What is the number one piece of advice you would offer to freelance newbies? Rachel Goldstein: Web Developer, Graphic Designer, Muralist

In order to assure your chances for the greatest success, you should do some self-evaluation before you leap into freelancing. Not only does it take a special temperament to run a successful business, but it also takes talent and expertise in your field. This includes some or all of the following personality features: self-confidence, common sense, innovation, and ambition.

freelance web designers

Website Freelancers Jobs

Read handy know how about how to get back with ex – study this web page.

ASP.NET security

This is a common claim, and completely preposterous. Even if you could decompile to the absolute original source, including comments, local variable names etc, that wouldn’t make the application Open Source Software. The Open Source movement is about software licences – what you have the legal right to do. If the author of the software doesn’t let you have the source without reverse engineering it, that isn’t Open Source Software. (There’s more to it than that, of course, but that’s enough to show the absurdity of the myth.)

How Severe Is The Problem?

Many developers have been shocked by how easy it is to decompile their code, and fear that it means they no longer have any way of protecting their intellectual property. In practice, I don’t believe the problem is nearly as big as it’s claimed to be. Firstly, intellectual property is almost always within the design of a system, not in the individual bits of implementation. If you design a world-beating application, chances are that the reason it’s world-beating will be obvious to anyone who uses it anyway. Only a very few areas in computing are really all about which algorithms are used, and how they’re implemented – areas such as sound and video compression.

Have you ever tried to read a large amount of code without any documentation, comments or meaningful local variable names? In my experience, it can be hard enough to understand code when you do have design documents and comments, let alone without it. Now, let’s make it even harder

ASP.NET security, Decompilation algorithms, ASP.NET security, ASP.NET-security, Decompilation, developers, intellectual_property, open_source_movement, open_source_software, reverse_engineering

Authorization is the process of determining the accessibility to a resource for a previously authenticated user. Note that authorization can only work on authenticated users, hence ensuring that no un-authenticated user can access the application. The syntax for specifying authorization in ASP.NET is as follows.

<authorization>
< [ allow | deny ] [ users ] [ roles ] [ verbs ] />
</authorization>

In ASP.NET, there are the following types of authorizations.

• URL Authorization
• File Authorization
• Authorization based on ACLs

File Authorization is performed by the FileAuthorizationModule, and is active when the application is configured to use Windows authentication. It checks the access control list ( ACL ) of the file to determine whether a user should have access to the file. ACL permissions are verified for the Windows identity or, if impersonation is enabled, for the Windows identity of the ASP.NET process.

URL authorization is performed by the URLAuthorizationModule, which maps users and roles to URLs in ASP.NET applications. This module can be used to selectively allow or deny access to arbitrary parts of an application ( typically directories ) for specific users or roles.”
Authorization like authentication is specified in the web.config file of the application. The following is an example of how we can use authorization in ASP.NET using the application’s configuration file.

<authorization>
<allow users=”Joydip”/>
<deny users=”Jude”/>
<deny users=”?”/>
</authorization>

It is also possible to specify the location to which the authorization settings defined in that particular location is applicable. Refer to the following code snippet that illustrates this.

<configuration>
<location path = “Test.aspx”>
<system.web>
<authorization>
<allow users = “?” />
</authorization>
</system.web>
</location>
</configuration>

You can also restrict or grant a GET or POST to one or more users of the ASP.NET application. The following code snippet illustrates how we can allow the user “Jude” to do a POST while the other users can do only a GET.

<authorization>
<allow verb = “GET” users = “*” />
<allow verb = “POST” users = “Jude” />
<deny verb = “POST” users = “*” />
</authorization>

Tags: asp authorisation, asp.net, asp, authorisation

ASP.NET security accessibility, ASP.NET security, ASP.NET-security, authenticated_user, authenticated_users, syntax

According to MSDN, “When using impersonation, ASP.NET applications can optionally execute with the identity of the client on whose behalf they are operating. The usual reason for doing this is to avoid dealing with authentication and authorization issues in the ASP.NET application code. Instead, you rely on Microsoft Internet Information Services (IIS) to authenticate the user and either pass an authenticated token to the ASP.NET application or, if unable to authenticate the user, pass an unauthenticated token. In either case, the ASP.NET application impersonates whichever token is received if impersonation is enabled. The ASP.NET application, now impersonating the client, then relies on the settings in the NTFS directories and files to allow it to gain access, or not. Be sure to format the server file space as NTFS, so that access permissions can be set”.

Note that Impersonation is disabled by default and can be specified in the web.config file as shown in the code snippet given below.

<identity impersonate=”true”/>
or
<identity impersonate=”false”/>

To impersonate a particular identity, specify the following in your application’s web.config file.

<identity impersonate=”true” username=”joydip” password=”jude”/>

Tags: impersonation asp.net, impoersonation, asp.net, asp

ASP.NET security application_code, ASP.NET security, ASP.NET-security, Authentication, authorization_issues, code_snippet, impersonation, internet_information_services

Passport authentication is a centralized authentication service that uses Microsoft’s Passport Service to authenticate the users of an application. It allows the users to create a single sign-in name and password to access any site that has implemented the Passport single sign-in (SSI) service. The following code snippet illustrates how we can implement Passport Authentication in ASP.NET.

<configuration>
<system.web>
<authenticationmode=”Passport”>
<passportredirectUrl=”LoginForm.aspx” />
</authentication>
<authorization>
<deny users=”?” />
</authorization>
</system.web>
</configuration>

Tags: passport authentication, asp.net, passport, authentication

ASP.NET security ASP.NET security, ASP.NET-security, authentication_service, centralized_authentication, code_snippet, Microsoft security, passport_service, ssi

Windows Authentication is used to validate a user based on the user’s Windows Account; however, this is only applicable in intranet environments where the administrator has full control over the users in the network. The following code snippet illustrates how we can implement Windows Authentication in ASP.NET.

<authentication mode=”Windows”/>
<authorization>
<allow users =”*” />
</authorization>

Note that the symbol “*” indicates all users inclusive of Authenticated and Anonymous users. Windows authentication can be of the following types

• Anonymous Authentication
• Basic Authentication
• Digest Authentication
• Integrated Windows Authentication

In the Anonymous Authentication mode IIS allows any user to access an ASP.NET application without any authentication checking.
In Basic Authentication mode users will be required to provide the Windows user name and password; however, this is very insecure.

The Digest Authentication mode is identical to Basic Authentication with the exception that the password is hashed before it is sent across the network.
In Integrated Windows Authentication mode, the passwords are not sent across the network; rather, the application uses some network authentication protocols for it to operate.

Tags: asp.net, windows authentication, asp, authentication

ASP.NET security ASP.NET security, ASP.NET-security, Authentication, code_snippet, intranet_environments, validate

1. A client generates a request for a protected resource.
2. IIS receives the request, and if the requestor is authenticated by IIS, or if IIS Anonymous Access is enabled, the request gets passed on to the ASP.NET application. Because the authentication mode in the ASP.NET application is set to forms, IIS authentication is not used.
3. After a ticket is issued by the application, ASP.NET just checks the ticket for validity using a message authentication check. Applications do not need the credentials in the *.config files. In fact, ASP.NET does not check them after the cookie is issued, even if they are present. If the user is authorized, access is granted to the protected resource; or the application might require an additional test of the credentials before authorizing access to the protected resource, depending in the design of the application.
4. If there is no cookie attached to the request, ASP.NET redirects the request to a logon page, the path of which resides in the application’s configuration file. On the logon page, the client user enters the required credentials ( usually a name and password ).
5. The application code checks the credentials to confirm their authenticity, usually in an event handler. If the credentials are authenticated, the application code attaches a forms ticket containing the username, but not the password. An application could include the password, but ASP.NET treats it like one opaque username string. If authentication fails, the request is usually returned with an Access Denied message or the logon form is presented again.
6. If the user is authenticated, ASP.NET checks authorization, as in step 3, and can either allow access to the originally requested, protected resource or redirect the request to some other page, depending on the design of the application. It can also direct the request to some custom form of authorization where the credentials are tested for authorization to the protected resource. If authorization fails, ASP.NET always redirects to the logon page.

Tags: forms asp.net, forms, authentication, asp.net

ASP.NET security application_code, ASP.NET security, ASP.NET-security, check_applications, code_checks, configuration_file, config_files, credentials, message_authentication

The ASP.NET security framework accomplishes this by working in conjunction with the various security subsystems present in the machine where ASP.NET is installed. This includes security provided by the operating system ( NTFS file access permissions ) as well as security provided by IIS ( host or IP address authorization ).

And since ASP.NET is built on the Microsoft .NET Framework, the ASP.NET application developer also has access to all of the built-in security features of the .NET Framework, such as code access security and role-based user-access security.

It is imperative to understand how the various security subsystems interact, to be able to secure your ASP.NET application effectively.

Basically, to enable security for an ASP.NET application, you need to configure the application to implement, at the very least, the two fundamental functionalities

Tags: asp.net, asp, authentication, authorisation

ASP.NET security ASP.NET security

Time for a short commercial break: O’Reilly has just announced the Rough Cuts version of Programming ASP.NET AJAX, the second edition of Programming Atlas. I am currently revising the Atlas book for the final ASP.NET AJAX release; the Rough Cuts version gives you the opportunity to get a sneak peak what is coming. As with the Programming Atlas Rough Cuts, we plan to update the Programming ASP.NET AJAX several times before the printed book is finally published.

Read more at nospam@example.com (Christian)

ASP.NET security ASP.NET security

Just a quick note: Microsoft has just released Beta 1 of the next Visual Studio code-named “Orcas” (Team System and Professional Edition and TFS) for MSDN subscribers. A public download for everyone, however, are the “Orcas” Express Editions. The website labels them as Community Technology Previews (CTP), but since their release coincidse with the “Orcas” beta for Visual Studio, they are most probably using the same codebase.
Update: Forgot to mention that there are also VPC images available, time-limited though.

Read more at nospam@example.com (Christian)

ASP.NET security ASP.NET security, ASP.NET-security, beta, community_technology, Microsoft security, orcas, professional_edition, visual_studio

Just saw that Microsoft unveilled the official name of the technology formerly known as WPF/E: Silverlight. All related downloads like the browser plugins, the SDK and the samples have been renamed accordingly. Strange, I would have expected such at announcement at MiX, but I guess there will be other major announcements then
If you want to see Silverlight in action prior to MiX, visit the Munich .NET User Group this Thursday where I will speak about it, as usual with lots of demos.

Read more at nospam@example.com (Christian)

ASP.NET security ASP.NET security, ASP.NET-security, browser_plugins, Microsoft security, silverlight, user_group, wpf

Atlas supported page methods: A functionality to embed web service methods into .aspx pages and consume them with JavaScript. For instance, if you had the following method:

[WebMethod]
string sayHello() {
return “Hello”;
}

—you could consume this method from JavaScript using the PageMethods.sayHello() call.
With ASP.NET AJAX, this has changed a bit. You have to change WebMethod to ScriptMethod, but you also have to edit the ScriptManager control to explicitly support page method calls:

<asp:ScriptManager id=”asm” runat=”server” EnablePageMethods=”true” />

Otherwise, ASP.NET AJAX no longer creates the necessary JavaScript proxy for the web service calls.
Also, you have to change the method a bit:

It additionally needs the ScriptMethod attribute
It must be declared as static

Here is one possible way:

[System.Web.Services.WebMethod]
[System.Web.Script.Services.ScriptMethod]
public static string sayHello() {
return “Hello”;
}

(Part of the Atlas to ASP.NET AJAX Migration series.)

Read more at nospam@example.com (Christian)

ASP.NET security Ajax security, ASP.NET security, ASP.NET-security, aspx, atlas, web_service