Dennis J. Bottjer | MVP ASP.NET

http://msdn.microsoft.com/events/devdays/sessions/ is a series of four web casts on the smart client sample app, Issue Vission.  The web casts include a general into about smart clients, securtity, data access, and deployment.  I especially liked the Data Access and Deploment Web Casts.  Issue Vision can be downloaded at www.windowsforms.net

Microsoft has built a network of Windows XP Honey Pots.  These XP boxes are running as Virtual Machines.  The network is being used for security research.  The machines have each been patched to various degrees and have special software to record any changes to the system made by an exploit.  http://www.eweek.com/article2/0,1895,1817822,00.asp

On a recent project I had a choice between using Web Services and Remoting.  http://www.thinktecture.com/Resources/RemotingFAQ/default.html is an excellent resource about remoting.  In the end I chose Web Services but I think it is interesting to understand why.  First .NET Remoting is a good technology for interprocess communication when developing purely in the .NET environment.  Next, .NET Remoting is very fast when serializing binary data over TCP.  Remoting is also a good choice when you are operating on an internal LAN. 

I was work in a pure .NET Environment and I needed for my web application to validate Routing Numbers.  I choose to build a Web Service for several reasons.

• Web Services is standards based (XML, WS-I, DISCO, WSDL, etc.)
• Web Services are easy to consume.  Just add a web reference.  This reference can be dynamic. (Set in web config.)
• Have strong industry support
• Still Fast
• Easier to understand for a less skilled deverloper than Remoting.
• Web Services Scale Better.  Use of the web service could easily be given to customers at a later date.

I ran across this http://www.codeproject.com/smartclient/rssfeeder.asp very nice Open Source RSS aggregator.  All source code for the project is available.  Furthermore, the application can be run as a stand alone smart client or within Outlook.  Nice!  The app also has posting capabilities.

There are many great topics of debate in software development.  DataSets Vs. Objects, Smart Clients Vs. Web Apps, and Stored Procs Vs. Dynamic SQL.  Many have argued that writing stored procedures is rigid and doesn't allow for an easy way to build detailed where clauses.  Furthermore, SQL Server 2000 caches execution plans so in theory SQL Statements should be optimized if used often.  Finally, .NET allows for parameterized queries helping to protect dynamic queries from SQL Interjection. 

Even with these arguements against stored procedures the arguements for them are greater.  First, Stored Procs use less bandwidth to do the same amount of work as a dynamic query.  For example, if my client application is using dynamic SQL then it has to pass the entire SQL statement to the SQL Server for processing.  In contrast, if the client application is using stored procedures all it has to do is call the stored procedure by name and pass to that procedure any required parameters.  By using stored procedures less information is sent from the client to the server to do the same amount of work.  Note: This can also be viewed as a security benefit because less information is being transmitted accross the wire that describes the exact design of your database.  Next, Stored Procedures can be controlled by database security.  That is a user be denied access to the tables within a database but be granted access through stored procedures.  The stored procedures become the only way that user can read, add, update, or delete data from the database.  Using stored procedures provides a useful layer of abstraction and a cleaner application design  It is possible for a change to be made within a store procedure that will not require modifications to the application.  If the client application were using dynamic sql such changes could only be made through a code change and then a redployment.  Store Procedures can implement batch processing easier and more effectively than dynamic SQL.