Wednesday, November 01, 2006

ESRI users' conference & ArcGIS 9.2 release

Yesterday we were at the ESRI users' conference (the fifteenth in Israel).

At the conference they announced the new ArcGIS 9.2 release.

At the conference my company won a prize (thanks to the applications that were developed in my team) for using and developing with the most modern ESRI software (we are the first company in Israel to develop an application that uses the ArcGIS-Server).

I will share some highlights from the conference with you:

1. ArcGis-Server is a new platform for comprehensive GIS solutions.

Main goals:

  • To manage the organization's GIS data.
  • To publish the GIS data in a web browser.
  • To provide 2D and 3D displays.
  • Advanced GIS services (based on SOA).
  • Integration with other enterprise systems like CRM, ERP, etc.
  • The ability to develop custom applications using the .Net & Java platforms.

The ArcGIS-Server is divided into three license and functionality levels:

a) ArcGIS Server – basic edition.

b) ArcGIS Server – Standard edition (equal to the old ArcIMS software).

c) ArcGIS Server – Advanced edition (equal to the old ArcGIS Server software in version 9.1).

2. There is a new data container for GIS data called "file geodatabase". "A file geodatabase stores datasets as a folder of files on the user's file system, much like a folder of shapefiles would be stored. Individual datasets can be as large as one terabyte, and there is no overall database size limit. Compared to personal geodatabases, file geodatabases improve performance, store vector data more efficiently, and improve concurrency and multiuser access over a network. They also provide an alternative read-only format for large vector feature classes and tables that provide additional performance improvements." (From ESRI documentation).

3. A new format, terrain, for storing massive datasets containing elevation or other surface data in the geodatabase.

4. ArcImage-Server – a new application that gives us on-the-fly functionality to display crude data (supports multiple users without the need to load the data into the GeoDatabase).

5. New features in GeoDatabase managing:

a) Spatial SQL for Oracle: The most interesting feature in version 9.2 is the ability to run SQL queries on the spatial data. This amazing new feature gives us the power to run DML commands directly on the SDE tables (and no, you don't need to install the Oracle Spatial extension for this job…), for example to add a new geographic entity without using the GIS-Server/Map objects/SDE API, etc.

b) Nonversioned Editing – in previous versions the only way to edit a geodatabase was in versioned mode. In version 9.2 ESRI added a new option: editing with a short transaction model.

c) Versioned Data Replication - The idea is that one GIS center can synchronize all of its "sub" GIS servers. The synchronization process runs over LAN\WAN networks, either at constant intervals or on-line.

6. ArcGis Explorer

This is a new lightweight application. The ArcGIS Explorer is one of the ArcGIS Server clients.

The ArcGIS Explorer gets its functionality from a number of resources (Web services, ArcGIS Server, ArcIMS, Web Map Services).

In addition, we can display data from local sources (shapefiles, file geodatabases, KML, JPEG 2000, GeoTIFF, MrSID, IMG, and other image formats).

For now, you can download the ArcGIS Explorer only from the ESRI beta program.

After you finish installing it you should add new tasks, and I recommend that you start with the free tasks from ESRI.

Friday, August 11, 2006

Introduction to Cryptography and Secure Communication

Last Friday I had a test in the "Introduction to cryptography and secure communication" course (by Prof. Amir Herzberg) at the College of Management (I am studying there for a B.Sc. in computer science).

I learned a few interesting things in this course that I want to share with you:

  • Message Authentication:
    • Goal: The ability to check whether the message received is the real message or whether somebody changed it on its way over the net.
    • How does it work: We send an "extra" text along with the real message. We get it from hash functions (MD5, SHA-1…) or from block cipher functions (DES, AES, CBC…). The function is written MAC_k(m) (the k is a random number).
    • Disadvantage: May not keep the message secret (there is no guarantee that the message won't be uncovered).
    • Conclusion: Use MAC to authenticate communication.
  • IP-Sec:
    • Goal: The ability to encrypt and authenticate messages over networks. IP-Sec works at the internet layer.
    • How does it work: It has two operation modes:
      • Transport (end to end): The protocol field in the IP header is changed to AH or ESP. Encapsulation is done by the source host and decapsulation by the destination host.
      • Tunnel (gateway to gateway or end to end): The entire original IP packet (including its header) is the payload. Allows a secure Virtual Private Network (VPN).
    • We can activate these modes with one of these header protocols:
      • AH (Authentication Header) is used to authenticate the whole IP packet.
      • ESP (Encapsulating Security Payload) is used to encrypt the message.
    • Conclusion:
      • IP-Sec is a protocol that protects all internet traffic.
      • Requires no changes in applications.
  • Principles of cryptography:
    • Assume that there are restrictions on the adversary's capabilities, but not on the adversary's strategies.
    • Keys can be secret, but the encryption design is known (Kerckhoffs).
    • Limit the secret key usage and always refresh your keys.
    • The number of possible keys should be large enough.
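
The two IP-Sec modes with the AH header, laid out byte by byte. This is an added example, not code from the course or the original post. It assumes an IPv4 header without options, HMAC-SHA256 truncated to 16 bytes as the authentication value, and a constructed key, addresses and packet.

```python
import hashlib
import hmac
import socket
import struct

AH, IPIP, TCP = 51, 4, 6  # IANA protocol numbers


def ip_header(src, dst, proto, payload_len, ttl=64):
    # Minimal 20-byte IPv4 header; the checksum is left at 0 in this demo.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def icv(key, hdr, fixed, payload):
    # Fields routers may rewrite (TOS, flags/fragment, TTL, checksum) are
    # zeroed, so the tag covers everything else in the packet.
    h = bytearray(hdr)
    h[1] = 0
    h[6:9] = bytes(3)
    h[10:12] = bytes(2)
    data = bytes(h) + fixed + bytes(16) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def add_ah(key, src, dst, next_hdr, payload, spi=0x1000, seq=1):
    # AH: next header, length (28 bytes / 4 - 2 = 5), reserved, SPI, sequence.
    fixed = struct.pack("!BBHII", next_hdr, 5, 0, spi, seq)
    hdr = ip_header(src, dst, AH, 28 + len(payload))
    return hdr + fixed + icv(key, hdr, fixed, payload) + payload


def transport(key, packet):
    # Same endpoints: the protocol field becomes AH, AH remembers the old one.
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return add_ah(key, src, dst, packet[9], packet[20:])


def tunnel(key, packet, gw_src, gw_dst):
    # New outer header between gateways; the whole original packet is payload.
    return add_ah(key, gw_src, gw_dst, IPIP, packet)


def verify(key, pkt):
    hdr, fixed, tag, payload = pkt[:20], pkt[20:32], pkt[32:48], pkt[48:]
    return hmac.compare_digest(tag, icv(key, hdr, fixed, payload))


KEY = b"k" * 32  # constructed demo key
SEGMENT = b"constructed TCP segment"
ORIGINAL = ip_header("10.0.1.5", "10.0.2.9", TCP, len(SEGMENT)) + SEGMENT
```

A TTL change in transit still verifies, while a change to any address or payload byte does not.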

  • SSL(Secure Socket Layer) & TLS(Transport Layer Security, the improved version for SSL):
    • Goal: Provides a secure tunnel (confidentiality, message & connection integrity, server and client authentication) between the client and the server. The original goal was to secure credit card number transfer. Today, SSL/TLS are implemented in almost all web clients and servers. SSL/TLS run over the transport layer.
    • Pros:
      • Easy to implement and use.
      • Deployed in most clients and servers.
    • Cons:
      • Protects only when the application actively uses it.
      • Doesn't protect against DoS (Denial of Service) attacks.
      • Can be used only in end-to-end mode.
    • How does it work: It has 4 phases:
      • Establish Parameters – initial data is exchanged between the client and the server.
      • Server Authentication – the server sends its certificate to the client.
      • Client Key-Exchange – the client verifies the server's certificate and sends its part in the key exchange process (shared key in Diffie-Hellman, encryption of a random string in RSA).
      • Finish – client and server send the Finish messages (with an HMAC code over the entire handshake).
    • SSL Session Resumption: Use it when the client makes many connections to the same server (reduces the overhead of the handshake phases).
    • Conclusions:
      • SSL/TLS is the most widely deployed security protocol standard:
        • Easy to implement, deploy and use.
        • Very flexible.
        • Mature cryptographic design.
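
The MAC_k(m) function from the Message Authentication notes and the HMAC in the Finish phase, as one added example (not code from the course or the original post). The handshake is a simplified model with constructed messages, and a random key stands in for the result of the key exchange.

```python
import hashlib
import hmac
import os


def mac(k, m):
    """MAC_k(m), instantiated here with HMAC-SHA256."""
    return hmac.new(k, m, hashlib.sha256).digest()


def verify(k, m, tag):
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(mac(k, m), tag)


def protect(k, m):
    # The "extra" text is appended; the message itself stays readable.
    return m + mac(k, m)


def transcript(messages):
    # Length-prefix each message so their boundaries cannot be shifted.
    return b"".join(len(x).to_bytes(4, "big") + x for x in messages)


def handshake(tampered):
    """Return True if the server accepts the client's Finish message."""
    k = os.urandom(32)  # stands in for the key agreed in the key exchange
    hello = b"ClientHello ciphers=AES,DES"  # constructed sample messages
    # If the offer is rewritten in transit, the server sees only DES.
    seen_hello = b"ClientHello ciphers=DES" if tampered else hello
    choice = b"DES" if tampered else b"AES"
    server_hello = b"ServerHello cipher=" + choice + b" certificate=..."
    key_exchange = b"ClientKeyExchange"
    client_view = transcript([hello, server_hello, key_exchange])
    server_view = transcript([seen_hello, server_hello, key_exchange])
    client_finish = mac(k, b"client finished" + client_view)
    # The server checks the tag against the handshake as it saw it.
    return verify(k, b"client finished" + server_view, client_finish)
```

Because the tag covers every handshake message, a rewritten cipher offer makes the two views differ and the Finish check fails; `protect` shows the disadvantage noted above, since the message travels in the clear next to its tag.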

Tuesday, July 18, 2006

A problem in DCOM when working with Gis-Server on Windows server 2003.

Today Nati (one of my teammates) and I tried to install a GIS application on a server that contains the Gis-Server (one of ESRI's new products), which the application uses, of course.

The server runs on Windows server 2003, with SP1.

We got this error:

"The application-specific permission settings do not grant Remote Activation permission for the COM Server application with CLSID"

One of the solutions to this problem is to give the "Activation and Launch" privilege on the ArcSOM application to all users in the domain (trust me, it works).

But it's a very bad solution (security issues...), so I decided to look for a better solution over the net.

After a brief look, I found that this is a known problem, and ESRI has even published a specific patch for this bug.

Finally I understood the problem: in Windows Server 2003 SP1, Microsoft implemented new DCOM communication restrictions that prevent users from launching or activating remote COM servers unless explicitly granted permission to do so. The ArcSOM process is a COM server and as such, must be configured to grant remote launch and activation privileges to users in the agsadmin and agsusers groups.

By the way, I think that the ESRI patch works very similarly to the "bad" solution, but I hope that they found a better solution.

Sending string in xmlhttp in a correct character encoding format

Yesterday, we (Shani, one of my teammates, and I) had a strange problem with character encoding.

We tried to transfer an xml (a string in xml format, not the XmlDocument object) from the client side to the server side with the xmlhttp object, and that xml contained Hebrew characters.

When the xml arrived at the server side we took the string from the Request object as an array of bytes, then we built a string from this array and loaded it into an xml object (XmlDocument class).

Then, in the xml property of this object, we saw that the xml contained gibberish in the Hebrew text (probably the wrong string encoding). I tried to add the xml header with the correct encoding declaration, and then to load it into an xml object, but it didn't work.

After a lot of thinking and searching I found the mistake.

I always looked at the xml after I converted it from an array of bytes to a string, and only after I had created the whole string did I try to change the string's encoding.

I found that maybe I needed to change the encoding at the beginning of the process, and to use the class System.Text.Encoding for that.

In this class I found a method that gets strings from an array of bytes in UTF-8 encoding (8-bit Unicode Transformation Format).

And everything worked perfectly, so the next time you want to send a string in a "special" encoding format and get the same string back (in the same encoding format), you should use this method…

Example:



Thursday, July 06, 2006

Make a basic CallBack functionality (using XmlHttp object)

Hi,
It's so easy to implement basic callback functionality (with the asynchronous xmlhttp method) and to use it in your web pages (one of the Ajax implementations).
You just need to use the XmlHttp object and to wrap the code in some JavaScript functions.

For example:
Code for client side:


And for server side:

And that's all, you have a basic CallBack functionality!



My new blog

Hi, my name is Avi Wortzel.
I'm working in a big computer company as a team leader.
I'll write here about a lot of things:

  • .Net
  • C#
  • Asp.net
  • Com+
  • Gis(ESRI Software)
  • Management
  • Analysis & Design
  • Life
  • Trips
  • And more...

I really hope that you will visit my blog, write me feedback, give me some advice or just read my posts.