Joel has been talking about resumes and the hiring process lately, a subject which fascinates me. Something he said today really struck home: The number one best way to get someone to look at your resume closely: come across as a human being, not...

Recall that in Part One we discussed eval on the client, and in Part Two we discussed eval on the server. Today, I answer a question about eval in JScript .NET. S omeone sent me mail the other day asking why this C# program snippet didn't work: ...

Finally, we get to the last unexplained bit on the IObjectSafety interface. What's the "use dispex" flag for? I'll go into the rationale for the IDispatchEx interface in another entry. As far as its security impact goes, we had to solve certain...

I talked earlier this month about some issues in subclassing, and recommended sealing your classes. A Joel On Software reader asks why Microsoft ships so many sealed classes in the framework. The poster said: " I've yet to see a reasonable explanation...

The only JScript functions which change their semantics when the security system is on are the ActiveXObject constructor and the GetObject method which we have already covered. VBScript has only four methods which are restricted or changed when the security...

Hey, this is my 100th post on Fabulous Adventures in Coding since I started in September. Good thing I type fast. I'm sure that most of you are familiar with the classic "software ship cycle" used by Microsoft and myriad other software companies...

Ideally the call to QueryCustomPolicy would take an argument representing the moniker for the persisted state so that this could be taken into account when the Security Manager made its decision whether or not to allow the persisted state to load. Unfortunately...

I spent the weekend falling down Whistler and Blackcomb mountains with slippery boards attached to each foot. I'm getting better at falling at least -- in all my wipeouts I managed to keep my skis on, which was a big improvement over last year's multiple...

Suppose for a moment that a non-IE script host has asked the script engine to be safe for untrusted data but has not turned on the "use Security Manager" bit. Suppose further the host passes in this data (from an untrustworthy and therefore potentially...

A couple readers have commented that yes, my conjecture that people will continue to use the twentieth-century COM scripting interfaces for some time yet is correct. (And my statement that the documentation on these has been less than 100% complete for...

Joe Bork comments on things people ask when they find out you work for Microsoft . Me, I get the same three over and over. 1) Are you a millionaire? (This one crops up less often since the dot com bust.) 2) Do you know Bill Gates? 3) Can you...

I want to continue my foray into the security semantics of the script engines this week, for a couple of reasons. First of all, this information isn't really clearly documented anywhere outside of our internal documentation. Most of the interfaces...

I'm pleased to announce that the good people at MSDN and the good people at ASP.net have worked together to set up a special site for Microsoft bloggers like myself. http://blogs.msdn.com is a new site hosted by http://weblogs.asp.net . ( Either prefix...

I want to start this year by rambling on a bit about security and script, how various code-based and role-based security systems work, and so on. (I'll probably get back to rambling on about the JScript .NET type system at a later date.) Those of you...

A Joel On Software reader made the mistake of stating in my presence: "VB is to VBScript as Java is to JavaScript." Though I can see some truth in that, I'd classify that as a poor analogy. Why? Because VBScript was...

Hey, I'm back! And in my new location. That was the longest and least relaxing vacation I've ever taken. Fun, yes. Relaxing, no. And to top it off, my kitchen is not done yet. We're shooting for being able to run water tonight and actually use appliances...