Querystring manipulation attack is one of the most common methods of attacking a vulnerable web site. Basically it involves changing querystring passed to webpage. Let me show this with an example:

Lets say you have a page on your site to search orders. In search results the OrderID has as a hyperlink pointing to a page ShowOrderDetails.aspx?id=XYZ, where XYZ is the actual orderid (eg. ShowOrderDetails.aspx?id=34).

A user can visit the ShowOrderDetails.aspx page and change the ID value and see any order. This is could be a problem if your site requires a login and not all users are allowed to see all orders. Even if all users are allowed to see all orders, this could still cause problems. Someone can easily write a program to loop through all orders and scrape all the data. This could be a risk based on the sensitivity of the data.

To solve this, you can simply check if a user is “logged in” in ShowOrderDetails.aspx page and avoid unauthorized access. But it will still allow any registered/valid user to see all orders, which may not be desirable.

An easy way to fix this is to encrypt the ID that’s passed in the query string (eg. ShowOrderDetails.aspx?id=XyS3frfasYFx). You should use a strong encrytion algorithm like DES or TrippleDes. The framework library has classes for most standard encryption algorithms.

Now that you’ve encrypted the ID in the querystring, you’d assume your application to be pretty secure. But, there’s still one way to see unauthorized orders: Browser history. The querystring is stored in browser history, so technically you can see all orders someone else has seen if the brower history is available. This defeats the encrypted query string.

One way to prevent this problem is to either use/include the sessionId (or userid) as a part of the key that’s used to encrypt/decrypt orderid. This would give a different encrypted string for the each session/user. Even if a different user click a link in the history, his sessionid/userid will be different, hence decryption will fail.

Notes:

1) The session is active until expiry or browser window closure, so technically, you’re still at risk if the user doesn’t log off from your site and leaves the browser window open (even if he has closed the tab that had your site open).

2) Some people suggest using HTTP_REFERER to prevent querystring manipulation. But its very easy to break since http headers as sent in plaintext over network. Also you can simply use the WebBroswer control in a .NET WinForms application to change the href of any link and hit the link. This defeats the HTTP_REFERER check.

3) Query string manipulation attack is not restricted to GET. POST method is also vulnerable since the information is sent in plain text over the network.

Introduction : Multi-threaded programming is the real challenge for developers .With many threads running in the system to accomplish different tasks ,it’s very much required to keep track of the status & manage individual threads.There are different ways to achieve the thread management e.g. Thread pooling,Thread concurrency API ,Thread groups etc.

I will give a simple example to manage & keep track of the thread status.

In a particular multithreading scenario ,say the requirements are -

1.Multiple threads should run to do different tasks.
2.Each thread should start/stop individually.
3.Sleep Time of the thread should be configurable.

Steps to implemement-

1.The parameters start/stop,sleep time we can set in the database.
2.When the threads are executing we can keep track of the status of the thread by creating a user defined APIs, e.g. We created a singleton Thread Manager class ,which has 3 API’s to monitor status of the thread -

register()-It will register the thread into a java collection, when the thread has started executing.
unregister()-It will remove the thread from the collection ,when the thread is stopped.
isActive()-It will check every time whether the thread is active(return value is boolean).

Code Snippet:

public class ThreadManager {

private static HashMap hmThreadState = null;

private ThreadManager() {
}

public static synchronized boolean register(String processor, long id) {

boolean isSuccess = false;
if( hmThreadState == null)
{
hmThreadState = new HashMap();
}

if (!hmThreadState.containsKey(processor)) {
hmThreadState.put(processor, id);
isSuccess = true;

} else {
System.out.println(“unable to register ” + processor + ” with thread id ” + id + ” another thread is active”);
}

return isSuccess;
}

public static synchronized boolean unregister(String processor, long id) {
boolean isSuccess = false;
if (hmThreadState != null && hmThreadState.containsKey(processor)) {
hmThreadState.remove(processor);
isSuccess = true;
} else {
System.out.println(“unable to unregister ” + processor + ” with thread id ” + id);
}
return isSuccess;

}

public static synchronized boolean isActive(String processor) {

boolean isActive = false;
if (hmThreadState != null && hmThreadState.containsKey(processor)) {

System.out.println(“processor ->” + processor + ” thread id ” + hmThreadState.get(processor));
isActive = true;
}

return isActive;
}
}

We register and unregister the threads when the run() gets invoked and when the thread exits (i.e stopped)

Code snippet for run()-

public abstract class ThreadProcessor extends Thread {

public void run() {
try {
String thrdName = Thread.currentThread().getName();

if (ThreadManager.register(this.getClass().getName(), Thread.currentThread().getId())) //Registering the thread into
collection
{
while (true) {

int stop = Configuration.getSleeptime(this.getClass().getName()+ “_Stop”); //getting stop parameter for the thread
from database,if stop==0 ,thread will
start ,else it will stop

if (stop == 0) {
int sleeptime = Configuration.getSleeptime(this.getClass().getName() + “_SleepTime”); //getting the sleeptime from
database
Thread.sleep(sleeptime * 60 * 1000);
} else {
if ( ThreadManager.unregister(this.getClass().getName(), Thread.currentThread().getId() )) // unregistered the
thread from collection
{
break;
}
}
}

}

} catch (InterruptedException e) {
e.printstacktrace();
}
}

}

Code snippet to intiate and check the thread status :

We start the thread and check the status of the thread in the following API.The Processor class has extended the ThreadProcessor class.If the stop parameter is ’0′ or the isActive API is returning false ,the thread will start otherwise not.

public void start() {

int processorstop = Configuration.getSleeptime(“processor_Stop”);

if (processorstop== 0 && ThreadManager.isActive(“processorstop”) == false) {
pd = new Processor();
pd.start();
}

}

Data Profiling and Automated Cleansing Using Oracle Warehouse Builder

Data profiling is the process of examining the data available in an existing data source (e.g. a database or a file) and collecting statistics and information about that data. The purpose of these statistics may be to:

1. Find out whether existing data can easily be used for other purposes
2. Improve the ability to search the data by tagging it with keywords, descriptions, or assigning it to a category
3. Give metrics on data quality, including whether the data conforms to particular standards or patterns
4. Assess the risk involved in integrating data for new applications, including the challenges of joins
5. Assess whether metadata accurately describes the actual values in the source database
6. Understanding data challenges early in any data intensive project, so that late project surprises are avoided. Finding data problems late in the project can lead to delays and cost overruns.
7. Have an enterprise view of all data, for uses such as Master Data Management where key data is needed, or Data governance for improving data quality.

Most organizations build a data warehouse to provide an integrated, reliable, and consistent €œsingle version of the truth.€ Data is usually sourced from a number of systems and has to be extracted, cleansed, and integrated before being made available for users to query.

The quality of the data loaded into the data warehouse is often variable, however, and for that reason, historically the process of profiling your source data has been a time-consuming, manual process that has required either lots of experience with SQL*Plus or the purchase of an expensive third-party tool.

Oracle Warehouse Builder has the built in ability to profile data and no knowledge of SQL*Plus is required. Furthermore, the data profiles through Oracle Warehouse Builder can be used to generate automatic corrections to the data.

Data Profiling and Correcting Within Oracle Warehouse Builder

Data within your data warehouse can only be turned into actionable information when you are confident of its reliability. When you bring data into your data warehouse, you need to first understand the structure and the meaning of your data, and then assess the quality and the extent to which you may need to cleanse and transform it. Once you know what actions you need to take, you then need to make the required corrections to the data, and put in place a means to detect and correct any more errors that might occur in future loads. To do this, Oracle Warehouse Builder includes three new features that make this process simple and straightforward:

1. Graphical Data Profiler€€Enables you to understand the structure, semantics, content, anomalies, and outliers present in your data, and derive data rules that will later be used within your data warehouse
2. Correction Wizard€€Takes your data rules and applies them to your data, automatically generating correction mappings to cleanse and transform your data
3. Data Auditor€€Takes your data rules and monitors the quality of subsequent data loads

Apart from removing the need for complex SQL*Plus scripts or third-party tools, doing your data profiling and corrections within Oracle Warehouse Builder has several advantages. The metadata that you generate about your data quality is stored alongside the other metadata in your design repository. Also, the mappings used to correct your data are regular Oracle Warehouse Builder mappings and can be monitored and managed with all of your other ETL (extract, transform, and load) processes. Doing your data cleansing and profiling within Oracle Warehouse Builder means that you only have to learn a single tool, and in addition, by integrating this process with your other ETL work, you ensure that data quality and data cleansing becomes an integral part of your data warehouse build process, and not just an afterthought.

There are number of problems that may be encountered in trying to automate testing. Having some idea of the type of problems that encounter should help in implementing an effective automation regime.

Few common problems are described below.

1. Unrealistic expectations. Generally there is a tendency to be optimistic/have high expectation about what can be achieved by a new test tool. It is human nature to hope that this new test solution will at last solve all of the problems we are currently experiencing. Vendors usually emphasize the benefits and successes, and may play down the amount of effort needed to achieve the desired benefits. If management expectations are unrealistic, then no matter how well the tool is implemented from a technical point of view, it will not meet expectations.

2. Expectation that automated tests will find a lot of new defects. A test might more likely find a defect the first time it is run. If a test has already run and passed, running the same test again is much less likely to find a new defect (unless the test is exercising code that has been changed or could be affected by a change made in a different part of the software, or is being run in a different environment).

Test execution tools are ‘record – replay’ tools, i.e. regression testing tools. Their use is in repeating tests that have already run. This is a very useful thing to do, but it is not likely to find a large number of new defects, particularly when run in the same hardware and software environment as before. Knowing that a set of tests has passed again gives confidence that the software is still working as well as it was before, and that changes elsewhere have not had unforeseen effects.

3. Poor testing practice. If testing practice is poor, with poorly organized/designed tests, little or inconsistent documentation and tests that are not very effective at finding defects, automating those tests is not a good idea.

4. Maintenance of automated tests. When software is changed it is often necessary to update some, or even entire test suite, so they can be re-run successfully. This is particularly true for automated tests. Test maintenance effort is the biggest challenge and often reason to truncate many test automation initiatives. When it takes more effort to update the tests than it would take to re-run those tests manually, test automation will be stopped.

5. False sense of security. Just because a test suite runs without finding any defects, it does not mean that there are no defects in the software. The tests may be incomplete, or may contain defects themselves. If the expected outcomes are incorrect, automated tests will simply preserve those defective results.

6. Technical problems of tools. Commercial test execution tools are software products, sold by vendor companies, they are not immune from defects or problems of support. Interoperability of the tool with other software, either your own applications or third-party products, can be a serious problem. Many tools look ideal on paper, but simply fail to work in some environments.

In addition to technical problems with the tools themselves, we may experience technical problems with the software we are trying to test. If software is not designed and built with testability in mind, it can be very difficult to test, either manually or automatically. Trying to use tools to test such software will add complication which will only make test automation even more difficult.

7. Organizational issues. Automating testing is not a trivial exercise, and it needs to be well supported by management and implemented into the culture of the organization. Time must be allocated for choosing tools, for training, for experimenting and learning what works best, and for promoting tool use within the organization.

Test automation is an infrastructure issue, not just a project issue. In large organizations, test automation can rarely be justified on the basis of a single project, since the project will bear all of the start-up costs and teething problems and may reap little of the benefits. If the scope of test automation is only for one project, people will then be assigned to new projects, and the automation initiative will be lost.

We usually think of rounding as applying only to numeric values: If the digit to the right of where you want to round is 0-4, round down; if it’s 5-9, round up. In Oracle, the ROUND function is used for this: The expression ROUND(12.34, 1) evaluates to 12.3, and the expression ROUND(12.37, 1) evaluates to 12.4. Likewise, the TRUNC function truncates instead of rounding. Both TRUNC(12.34, 1) and TRUNC(12.37, 1) evaluate to 12.3.

But you can also apply ROUND and TRUNC to date expressions, giving you the ability to round and truncate to a specified date boundary. What is returned is another date value, but it is adjusted to the requested boundary. To specify the boundary, use the same format codes used with the TO_CHAR and TO_DATE functions: €˜dd’ for day, €˜mon’ for month, €˜q’ for quarter, and €˜y’ for year. You can also round time the same way: use €˜hh’ or €˜hh24€² for hours and €˜mi’ for minutes.

Listing A is a sample report from the EMPLOYEES table in Oracle’s sample HR schema. For each employee, it shows the employee name and exact hire date, the first day of the month in which the employee was hired (hire_month), and it calculates the start of the following month (benefits_date).

col employee_name format a30

col hire_date format a15

col hire_month format a15   

col benefits_date format a15

SELECT   

    last_name || ', ' || first_name employee_name   

    ,hire_date   

    ,TRUNC(hire_date, 'mon') hire_month   

    ,ADD_MONTHS(TRUNC(hire_date, 'mon'), 1) benefits_date   

 FROM   

    employees   

 WHERE   

    last_name LIKE 'B%'   

 ORDER BY   

    employee_name   

 /

The ADD_MONTHS function is used here to round up to the following month. First, I use TRUNC to get the beginning of the current month; then I use ADD_MONTHS to add one month. The resulting expression is:

ADD_MONTHS(TRUNC(hire_date,'mon'), 1)

When using DBMS_JOB to schedule batch jobs (vs. DBMS_SCHEDULER in Oracle 10g), TRUNC is a handy way to force a job to start at a particular time. Because the SYSDATE function returns both a date and a time, a job scheduled as €˜SYSDATE+1€² is scheduled for tomorrow but at the current time. TRUNC strips away the decimal portion, which represents the time and resets the date to midnight. So TRUNC(SYSDATE) is midnight of the current day, and TRUNC(SYSDATE)+1 is midnight of the following day. Adding a fractional offset to this sets the proper time. The expression TRUNC(SYSDATE) + 1 + 6/24 + 30/1440 starts the job at 6:30 A.M. (There are 24 hours in a day and 1440 minutes.)

If the term Unit Testing is totally new for you then here are a few definitions that will get you started about the concept€¦

What is a Unit in code?

A unit is typically a code block with a defined simplified functionality. Such a code block can be a function or a class.

What is Functionality?

Functionality is an operation that will either process input and return output or perform action that modifies the state of the object/system.

What is Unit Testing?

Each unit is tested programmatically in isolation to verify its independent behavior.

• Establishes an artificial environment.
• Invokes the operation.
• Checks the results returned against some known value, thus verifying that the unit performs the defined functionality as expected.

Or precisely, a code that executes and verifies a piece of code which is part of the main system.

Now that you know what Unit Testing is, quite possibly you have also developed those initial doubts, first and foremost€¦

Why do we need Unit Test?

For two simple reasons:-

• Unit tests check their own results and provide immediate feedback
  (can also be configured to run automatically).
• Unit tests increase the stability of software.

Consequently enables you to develop more confidence in the code.

You will be more comfortable refactoring code and adding new features to the code that is unit tested. Whereas if the code is not unit tested then you will be paranoid about refactoring or adding new features because you don€˜t know what might break as a result of change.

For those who already know what Unit Testing is but still do not practice it, for sure they have there own valid reasons, lets just analyze some of the standard reasons:-

• Don’t have sufficient time to unit test.
  -The time spent on unit testing is actually the time saved from debugging.
• The client wants us to develop code, not write unit test.
  -The client surely does not want you to create bugs, unit test helps prevent bugs.
• I am supporting a legacy application without unit tests.
  -With legacy application you can reform each unit by introducing unit test for each unit that is modified.
• QA and User Acceptance Testing are far more effective in finding bugs.
  -True, but that does not give reason to developer for passing stupid mistakes to QA or User. Further defects can be found and fixed before they get formed. Hence less time spent on debugging.
• Effort of unit testing is more than the effort of writing code and testing it.
  -There are many good frameworks that simplify your effort of writing unit tests. The point is being aware of such frameworks and there advantages.
• Unit testing is for novice programmers not for me.
  - Unit test is intended to standardize the quality of code produced by a team with varying expertise of members. A good unit test demonstrates what all points where taken in consideration while writing the good code. If you think you never make mistake in your code then share your expertise with fellow programmers by writing good unit tests.
• I don’t know how to unit test or I don’t know how to write good unit tests.
  - Read on to know about writing good unit tests.

If you need some more convincing then refer to Eric’s and & Brian’s – Top 12 Reasons to Write Unit Tests:

http://onjava.com/pub/a/onjava/2003/04/02/javaxpckbk.html

And Ian Nelson’s – 12 Reasons why he love Unit Tests:

http://ianfnelson.com/blog/why-unit-test/

The reason why I write Unit Test is because it demonstrates the ingenuity of every piece of code that shapes my perfect system. And with every successful unit test I feel the excitement of achievement.

How to write Unit Tests?

No matter which framework you chose fundamentally things remain same:-

You need one or more classes where you will write methods with code that will test other classes and functions of your main code. These classes are called TestClass in VSTS (and TestFixture in NUnit). Such classes are marked with TestClass attribute (or TestFixture in NUnit).

The methods of the Test Class that execute a unit of the main code and verify the result are called TestMethod (or Test in NUnit). These methods are marked with TestMethod attribute (or Test in NUnit).

At times there might be a need to perform certain initialization operations before running each of the Test methods such initialization operation can be written inside a TestInitialize method (or Setup in NUnit). Correspondingly the cleanup operations that should be performed after each Test can be written in TestCleanup method (or TearDown in NUnit).

VSTS Test example:-

using Microsoft.VisualStudio.TestTools.UnitTesting;

[TestClass]
public class SampleUnitTest
{
[TestInitialize()]
public void Init() { }

[TestMethod]
public void TestOperation() { }

[TestCleanup()]
public void Destroy() { }
}

NUnit Test example:-

using NUnit.Framework;

[TestFixture]
public class SampleUnitTest
{
[SetUp]
public void Init() { }

[Test]
public void TestOperation() { }

[TearDown]
public void Destroy() { }
}

Apart from these commonly used methods there can be additional methods provided based on the selected framework, like €€œ static ClassInitialize (or TestFixtureSetup in NUnit) and static ClassCleanup (or TestFixtureTearDown in NUnit). ClassInitialize executes only once before any test method in the test class is executed and ClassCleanup executes only once after all test methods in the test class has been executed.

Further, apart from the above attribute classes of the framework another very important class is the Assert class that contains static methods for comparison and verification of results of the test against some expected values.

Having the above fundamental knowledge of Unit Testing, we are now ready to write some example.

I do not prefer replicating the classic LoginInfoTest example by Mark Michaelis and extended by authors at codeproject.com and other technical blogs. Rather I have something very simple (and my favorite) a variation of €œHello World€, the €œHello User€ example.

Step 1: Create our main application

Lets create and assembly HelloUser with a class Greeting with a method Greet that will return greeting message string for the given user.

namespace HelloUser
{
/// <summary>
/// Greets User
/// </summary>
public class Greeting
{
/// <summary>
/// returns greetings based on given user
/// </summary>
/// <param>name of the user</param>
/// <returns>greeting for the user</returns>
public string Greet(string userName)
{
if (string.IsNullOrEmpty(userName))
return “Hello User”;

switch (userName)
{
case “Kamal”:
return “Hi Kamal”;
case “Shameer”:
return “Hey Shameer”;
case “Roy”:
return “Hoi Roy”;
default:
return “Hello ” + userName;
}
}
}
}

Note: In a Test Driven Development approach we would not have implemented the method before writing the following test, but for simplicities sake we will not get into TDD.

Note: Although I have marked the class and method as public for simplicities sake, the auto code generation of VSTS is also capable of generating test code stubs for non public members, however the generated code stub will be quite complex to understand.

Step 2: Creating Unit Tests

• Perform a mouse right click on the class Greeting, that will give you an option to Create Unit Tests.
• Selecting the option will open a dialog asking for a project to which the Unit Test Class should be added.
• The default and recommended option will be create a new test project. And that will ask you to name your new test project. Lets name it has TestHelloUser.
• The TestHelloUser project gets created with a class GreetingTest with a TestClass attribute and a lot of code and comment (compared to the size of our application code). For now lets just ignore (or remove) the rest and focus on the Test Methods.
• For our example two test methods stubs would have been auto created, namely GreetTest and GreetingConstructorTest. Since we are relying on the default constructor of our Greeting class (or in lay terms do not have a constructor for Greeting class). Let us just delete the GreetingConstructorTest method completely.
• Now the only Test Method we have and are concerned with is the GreetTest method that is supposed to perform Unit Test on our Greet method of Greeting class in the main assembly. As you would notice most of the code you need is already create, that is creating instance of Greeting class, invoking the Greet method and Asserting expected and actual value returned. All that we need to do in this method are:
  • Specify the input value of userName, (say €œBart€)
  • Specify expected value, (say €œHello Bart€)
  • Remove the Assert Inconclusive operation (VSTS (or more precisely, MSTest) adds this default assert to warn about test stubs (test methods) that have not been modified manually)
  • With the above changes our Test Method should look like:

[TestMethod()]
public void GreetTest()
{
Greeting target = new Greeting();
string userName = “Bart”;
string expected = “Hello Bart”;
string actual;
actual = target.Greet(userName);
Assert.AreEqual(expected, actual);
}

• The last step left is running our Unit Test, select menu option
  Test >> Run >> Tests in Current Context
• That should run the test and produce a Test Results dialog, reporting whether the test passed or failed. Double clicking the result should open result detail also mentioning the time it took for the test to run.

That’s it?

Well, yes that completes our example and tutorial about Unit Testing with VSTS, unless you are inquisitive about some automatically added files to your solution under Solution Items folder.

I will not get into the details as this is already beyond the topic (and honestly I don’t know much) but just one feature as a bonus gift for readers who have reached so far and also because I find this feature very useful and that is Code Coverage.

In the Solution Items folder of our above solution you will find a file named LocalTestRun.testrunconfig file. Double click this file to open Test configuration Dialog.

Select the Code Coverage option to specify assemblies to be instrumented or (observed) for Code Coverage. Select the HelloUser assembly and Apply and Close.

Run the Test Again the Test Result dialog will show the result of Unit Test (GreetTest), double clicking which you can see the same Result Details.

Now, rather than performing a mouse double click on the Result for result detail perform a mouse right click on the result that will show you a set of options, select the option Code Coverage Results . That will open the Code Coverage Results window with a tree view for the HelloUser assembly. Expand the tree nodes to review the code coverage percentage and reach till the Greet method. Double click the Greet method and you will find the Greet method color coded, showing the lines executed during the test highlighted with a light blue color and the line not executed during the test highlighted with a light pinkish color (I am sorry I don’t know the exact name of the color). And this will help you analyze and decide the input values for your further Unit Tests that will perform more code coverage.

Apart from the ability to create Unit Tests and review Code Coverage, VSTS Unit Testing Framework provides features for pulling test data from external database and also provides an integral mock framework for creating mock objects for unit tests.

How to write good Code and good Unit Tests?

A basic rule that I follow is a code that cannot be easily unit tested is the code that should be refactored. So, simple Unit Tests also prove that your code is well structured.

Further the following best practices describe the principle for writing good Code and Unit Tests:

• Write code that is easy to Unit Test.
• Code a little, test a little, and code a little, test a little…
• Build in testability from the very beginning.
• Unit test each piece before integrating them.
• Each test should be independent of other tests and can be run autonomously.
• Run your tests as often as possible.
• Avoid creating unit test dependency on machine or system state. Like initial database value or directory path.
• Use Initialize and Cleanup to set and clear system state for Unit Tests.

In this we are going to discuss some point about project management features and discuss what new for that in TFS 2010.

Team Foundation Server provides project management features such as centralized work item management, process management, security and permissions management, project metrics, and reporting to improve your ability to manage development projects in Visual Studio.

The software-development lifecycle has been made an integral part of the tooling to support software project development efforts. TFS provides the MSF Agile and MSF CMMI process templates, which support two very different development methodologies. We can modify the supplied process templates or create one from scratch in order to meet your team’s development process needs.

MSF for Agile Software Development Process Template

The work item types provided by this process template include:

• Scenario €€œ Used to represent a user interaction with the application system. It records the specific steps necessary to reach a goal. When writing scenarios, be sure to be specific as there may be many possible paths.
• Task €€œ Used to represent a unit of work that needs to be performed. Each role has its own requirements for a task. For example, a developer uses development tasks to assign work.
• Quality of Service Requirement €€œ Used to document the system characteristics such as performance, load, availability, stress, accessibility, and serviceability
• Bug €€œ Used to communicate a potential problem in the system.
• Risk €€œ Used to identify and manage the inherent risks of a project.

Work Item Type: Bug

Work Item Type: Scenario

Work Item Type: Quality of Service Requirement

Work Item Type: Risk

Work Item Type: Task

MSF for CMMI® Process Improvement Process Template

The work item types provided by this process template include:

• Requirement €€œ Used to capture the requirements defined during the requirements gathering phase.
• Change Request €€œ Used to capture any change requests subsequent to the gathering of requirements.
• Issue €€œ Used to capture issues to be tracked in the projects.
• Task €€œ Used to represent a unit of work that needs to be performed. Each role has its own requirements for a task. For example, a developer uses development tasks to assign work.
• Review €€œ Used to represent the review work units with in the projects, like code review, design review etc.
• Bug €€œ Used to communicate a potential problem in the system.
• Risk €€œ Used to identify and manage the inherent risks of a project.

Work Item Type: Bug

Work Item Type: Requirement

Work Item Type: Change Request

Work Item Type: Issue

Work Item Type: Review

Work Item Type: Risk

Work Item Type: Task

New in TFS-2010

Updated MSF Agile Template

Terminology €€œ In general, It had adopted common Agile community terminology (Backlog, User Story, Story Points, etc) and moved away from Microsoftish terminology.

Simplification €€œ It had simplified the work item forms, focusing more on the stuff that is immediately relevant. It had eliminated fields people didn’t care much about.

Scenario €€œ> User Story €€œ It had now moved to the Agile User Story model, including tracking User Story size as €œStory Points€.

Hierarchy €€œ Added hierarchical relationships so that User Stories can be decomposed into tasks and tasks can be decomposed into subtasks.

Improved reports €€œ Reports are much nicer.

Testing support €€œNew Team System testing tools added as first class support. The process template contains a Test Case work item type and other features to enable great integration.

Guidance rewrite

User Story:

Task:

Bug:

Updated MSF CMMI Template

New CMMI information model and the supported relationship types.

In addition to that:

CMMI 1.2 compliance

Two new requirement types €€œ Added Business Objective and Feature to the existing set of requirement types.

Improved reports €€œ The reports much nicer.

Testing support €€œ Added the new Team System testing tools as first class support. The process template contains a Test Case work item type and other features to enable great integration.

New Reports

:

Much more attractive and powerful €€œ Taking a dependency on SQL 2008 allowed to leverage the new reporting capabilities there. The result is reports that are much more visually attractive and can represent much more complex data relationships.

Self explanatory €€œ Lot more content put into the reports to help us understand what the report is intended to tell you, what data you are looking at and generally give much better context for interpreting the report.

New Excel reports €€œ For the first time, some of reports are authored as Excel workbooks. If we use MOSS for our portal, we can host them there, otherwise we can open them in Excel. The primary advantage of this is that although they are a bit less powerful than Reporting Services, they are much easier to customize.

Just to give you a view of all the reports its included, here are some screenshots of Team Explorer:

Project Management Features in Team Foundation Server

• Process management. Team Foundation Server process management includes Microsoft Solution Framework (MSF) process guidance as well as process templates that set up new team projects with work item types, reports, a project SharePoint portal, and source control settings.
• Security and permissions. New projects contain default groups and permissions that map to common development team roles.
• Centralized work item management. Work items including bugs, risks, tasks, scenarios and quality of service (QoS) requirements are centrally recorded, managed, and maintained in the TFS work item database. Centralizing their storage makes it easy for all team members to view and access them.
• Microsoft Office Excel® and Microsoft Office Project integration. By using the Office Excel and Office Project integration features, project managers can continue to access the work item repository and schedule information by using tools they already know.

• Metrics and reporting. TFS provides a reporting service which transforms operational data such as work items, build results, and test results into metrics stored within TFS data warehouse. Predefined reports allow you to query a variety of project health and quality metrics.
• Project portals. For every team project, TFS creates an associated project portal that uses Microsoft Windows SharePoint® Services. You use the portal to manage project-related documentation, and to quickly view key reports and assess project’s current status.

Benefits

The project management features of TFS provide the following benefits:

• Centralized management
• High traceability
• Integrated project planning and scheduling
• Improved process control
• Improved team communication and cohesiveness
• Accurate progress reporting

Strategies for Team Projects

Team Project per Application

This is the most common strategy for creating team projects. This approach is useful for both large and small applications, as well as multiple releases of applications being developed in parallel. With this approach, you create one project for each application under development.

Team Project per Release

This approach is useful for large teams who are working on long-running projects. After every major release, you create a new project and have a clean start. With this approach we don’t have to worry about carrying the previous release’s baggage forward, including work items. Also, this approach provides you with the opportunity either to improve the process templates or use new ones based on your newly acquired experience and learning.

Team Project per Team

This approach is useful for large projects that span multiple teams, where central control and activity monitoring is important. With this approach, we create a project for each team. This approach closely aligns a team with the workflows defined in TFS work item types and provides a unit of reporting that spans the entire team.

Team Foundation Server 2010
In this Post I am going to tell the main architectural difference of TFS 2010 with earlier version .In coming post we will go through key feature that will make the developer job easy with TFS .
Team Project Collections
Team Project Collections are a new concept in TFS 2010. They represent a set of projects that are managed together. Each TPC has it’s own set of databases. This enables TPC’s to be backed up, restored or migrated independently of other TPC’s on the same logical or physical TFS implementation.
This is particularly exciting for large TFS implementations. The ability to segment the environment into units based on organization units, clients, product team, etc. is compelling. Also, individual TPC’s can be backed up and archived. In a consulting organization this is huge improvement.

Archive/restore individual project collections €€œ In previous versions, the entire TFS server had to be backed up/restored so if you wanted to recover a specific project from a backed up state, you had to restore the entire server. In TFS 2010, you can separately backup and restore individual Team Project Collections.
Move Team Project Collections €€œ Team Project Collections can be moved between SQL Servers within a TFS farm, between TFS farms in the same network and between TFS farms on different networks (which will be a bit harder than the first two because of no identity continuity between networks).
Server consolidation €€œ In TFS 2010, multiple TFS servers can be merged together into a single TFS farm (a request we are increasingly seeing as organizations want to fold grass roots TFS adoption into a centralized service).
Team Project Collection Split €€œ A Team Project Collection can be split into separate collections each containing a subset of the Team Projects. The primary scenario in which I expect to see this used is migrating from TFS 2005/2008 to TFS 2010. Because you could, essentially, only have 1 Team Project Collection in previous versions of TFS, many customers have accrued 10’s or 100’s of projects on a single server. TFS 2010 will allow them to be broken up.
Team Project Collection Isolation €€œ Each Team Project Collection is a separate administrative entity. This means that you can reasonably do shared hosting of collections with appropriate separation of administration and operations responsibilities and without hosted teams needing to know about each other.

TPC’s can be scaled across a number of SQL Servers as each is now independent database.
These structural changes make TFS much more manageable and vaults TFS into the large enterprise space.
In TFS 2010 this had been sloved by Team Project Collections (TPCs). In TFS 2010 a TFS farm hosts Team Project Collections and not just Team Projects. A Team Project Collection is a group of related Team Projects and a TFS farm can host many Team Project Collections. To try to make an analogy with TFS 2008, it’s as if TFS 2008 could host exactly 1 Team Project Collection per physical TFS server. The key is that Team Project Collections are completely independent of each other. Two Team Project Collections can each have a change set with the same changeset number (but very different contents). They can each have work items with the same work item ID. You used to identify things in TFS by server url + ID. Now you identify them by server url + team project collection + ID.
When you connect to a TFS server in TFS 2008, you get a screen that looks like this. As you can see €€œ you pick the server and then one or more Team Projects to work on.

However, in TFS 2010, the Connect to TFS dialog looks like this:

As you can see on the left hand side, there is now a list of Team Project Collections (currently labeled €œDirectory€) and on the right hand side, you can see a familiar looking list of Team Projects within the selected Collection. The client will only allow you to connect to projects in one TPC at a time.
It is very similar to Sharepoint architecture
Database Changes
As TFS 2010 has Team Project Collections has So it changes TFS databases.
TFS 2008 was composed to databases partitioned by subsystem. There was one for Version Control, one for Work Item Tracking, Work Item Tracking attachments, Project Management, Build, Integration, €¦
Now with the introduction of Team Project Collections, there was changes to various subsystem data to make Team Project Collections easier to manage. TFS 2010 database architecture is as follows:
TFS_Config €€œ The €œroot€ database that contains centralized TFS configuration data, including the list of all Team Project Collections that this TFS farm is responsible for.If you go through Sharepoint terminology its WSS_Config.
TFS_Warehouse €€œ The TFS 2010 data warehouse database that contains reporting data from all Team Project Collections served by this Farm. This means that the data warehouse provides reporting capabilities across all Team Project Collections in the farm.
TFS_* €€œ One database for each Team Project Collection managed by the TFS farm. For example the €œdefault€ one would be TFS_DefaultCollection. Each database contains all of the operational data regardless of sub system (version control, work item tracking, build, etc) for a given Team Project Collection.
IMP:- There are still databases for Sharepoint and Report Server where ever you install those components.
TFS Farms
The introduction of the notion of a TFS farm is another big architectural change in TFS 2010. In TFS 2008, we talked about TFS €œServers€. Even then it was a bit of a misnomer since you can install all TFS 2008 capabilities (TFS, SQL, Sharepoint, Reporting Services, €¦) on a single physical (or virtual) server or distribute them across multiple.
However, it gets even more flexible with TFS 2010 and as such, it’s now really awkward to talk about a TFS €œserver€. That said, it is still possible (and will likely be common) to install all of the TFS components on a single server.
The big changes that constitute €œTFS farms€ are the following:
NLB support for TFS application tiers €€œ With TFS 2010, you can configure multiple TFS application tier machines to serve the same set of Team Project Collections. The primary purpose of NLB support is to enable a cleaner and more complete high availability story than in TFS 2008. Any application tier in the farm can fail and the farm will automatically continue to work with hardly any indication to end users of a problem. It also improves things like the operating system patching story (ATs in the farm can individually be taken offline for patching with out shutting users out of the system). And more.
Scale out for SQL data tiers €€œ TFS 2010 now support use of as many SQL Servers as you like. Each data base can be configured to be on any SQL server and because each TPC is an independent database, this gives administrators a great deal of flexibility to manage their SQL server installations. These features can be used to load balance databases across SQL Servers, manage capacity, retire old SQL servers, etc. A project collection can easily be suspended while it is moved between SQL servers without affecting the operation of any other collections.

This is important architectural difference we had.This post is inspired by bharry’s post one of founder of TFS 2010.The topic is huge I will continue to discuss on this and also some of concept like

1. Protect the quality of your code.
2. Understand parallel development
3. Manage your project
4. Report on your entire portfolio
5. Coordinate across development platforms
6. Admininster TFs in your environment

in the coming Post.

VSDBE is a great product with very good features. However when I was creating a database project for one of the existing databases, I got more than 400 errors and it took me a while to figure out how to solve these errors though the solution was very easy.

I thought of writing a document on it so that it can be helpful to anyone who will face similar kind of issues.

Once you are done with importing the schema from the database and if you try to build your database project you might probably see the following list of errors.

Error TSD03006: View: has an unresolved reference to object

Error TSD03006: View: contains an unresolved reference to an object. Either the object does not exist or the reference is ambiguous because it could refer to any of the following objects€¦

Error TSD03006: User: has an unresolved reference to object.

Error TSD03006: Column: has an unresolved reference to object.

Error TSD03006: Column: contains an unresolved reference to an object. Either the object does not exist or the reference is ambiguous because it could refer to any of the following objects€¦

Most of the errors which you get will be similar, either it will be unresolved reference to View, User, Column, stored procedure or function.

Solving TSD03006 for Views:

As the error clearly says that there is an unresolved reference to the object , the first thing what we would do is to create another project and import the schema for the database which has been referenced in our main project and then add this reference to the main project.

The database project that you just created might again have references to other tables from another database, so you will have the similar build errors in that project as well. First thing we need to do will be to build the second project without any errors, so once you import the project make sure you keep only the things that are referenced in the main project and delete all the other script files like most of the sp’s, views and tables and incase any user login is giving any unresolved reference error then delete those logins as well. Then we have to add this reference to the main project, while adding reference we need to keep in mind that the DBE is case sensitive and make sure we give the exact database name the way it is being used in the view.

For e.g.

CREATE VIEW [dbo].[GetCustomerOrders]

AS

select dbo.CustomerDetails.FirstName as Name, [TestB].dbo.OrderDetails.OrderName as Orders

from dbo.CustomerDetails

join [TestB].[dbo].[OrderDetails] on dbo.CustomerDetails.ID = [TestB].[dbo].OrderDetails.CustomerID;

In this view I am having a reference to a table Orderdetails which is in TestB database. When we are referencing TestB database we need to select the TestB database and then we need to check the Define database variable option and also check the literal checkbox and specify the exact name that has been used in all the views.

This would solve all the errors related to views.

There might be some instance where your database is referencing a table from another server. While adding reference to such a project make sure we define both the server variable and the database variable as shown below.

The view now would look like this

CREATE VIEW [dbo].[GetCustomerOrders]

AS

select dbo.CustomerDetails.FirstName as Name, [TestB].dbo.OrderDetails.OrderName as Orders

from dbo.CustomerDetails

join [TestB].[dbo].[OrderDetails] on dbo.CustomerDetails.ID = [$(ServerName)].[$(DatabaseName)].dbo.OrderDetails.CustomerID;

For detailed information please refer this link: http://download.microsoft.com/download/0/A/E/0AE1153A-8798-474A-93E6-D19299F37C8B/Readme.mht#_Toc213500658

Solving TSD03006 for User:

To solve these errors we need to create a server project and import the database objects.

The server project has both the server level objects and database level objects, we need only the server level objects information as that will contain all the information about the logins, rest of the objects can be deleted. Make sure only server level objects and severrolemembership script exists.

Build this project and add reference of this project to the main project as mentioned above. This will solve user login related errors.

Suppressing the warnings related to sp’s and functions:

If we have cross database reference in a stored procedure or in function then we get warnings saying €œTSD04151: Unresolved reference to €¦.€, we can suppress these warnings for the entire project by right clicking on the project properties and select the build option under which we have an option to suppress warnings, we have to mention the warnings that we want to suppress as shown below.

We can also suppress the warnings for a particular script file by right clicking on the script file and selecting properties under which we have an option to suppress warnings.

Solving error Delpoy01234:

When all the errors and warnings are resolved and when we want to deploy the project to the target database we might get the following error €œThe deployment script was generated, but was not deployed. You can change the deploy action on the Deploy tab of the project properties.
—— Deploy started: Project: TestA, Configuration: Debug Any CPU ——
C:\Program Files\MSBuild\Microsoft\VisualStudio\v9.0\TeamData\Microsoft.Data.Schema.SqlTasks.targets(120,5)Error Deploy01234: The source database schema provider Sql100DatabaseSchemaProvider could not be translated to provider Sql90DatabaseSchemaProvider. Deployment cannot continue.€

This error occurs, if the current project version is greater than the target database version where we want to deploy it.

To solve this method we can change the project version by right clicking on project properties and under project settings tab we have an option to select project version as shown below, change it to a version lower or the same version when compared to the target database where you want to deploy the changes.

These are the most likely errors that can occur while we create a database project.

I have developed a graphical solution for our prestigious client. Graphical solution includes generating Bar chart, Pie chart, line chart, Stacked bar chart, Multiple bar chart. I have done a simple search to get the list of open source applications which is available in market to provide the Chart solution.

I have got a list of opensource PHP Charts

1. JPGraph
2. GraPHPite
3. Open Flash Chart
etc…

We had chosen JPGraph since it has most of the chart types. But on the next day, I got to know its not completely open source, for commercial purpose we need to get license.

I started searching for some solution which is provided by PHP.

I got a fantastic PEAR package, “Image_Graph”.

PHP professionals knows what is PEAR (PHP Extension and Application Repository). Its is a framework and distribution system for reusable PHP components.

We can handle most of the charts using Image_Graph. Some of them are

Bar Chart, Pie Chart, Line Chart, Donut Chart, Step Chart, Logarithmic Charts, Area Chart, CandleStick Chart, rador Chart, Impulse Chart, Dot Chart, Band Chart and BoxWhisker charts with stacked and gradient effects. Its a cool package.

Click here to have a look at the list of graphs

Requirements need to check before starting with Image_Graph

1. Your PHP should support Graphics, for that you need to install and enable GD Library.

Click here to get more details about GD Library

2. Your PHP version on server should me more than 4.3.0, suggested to keep PHP 5

3. You need to have the following PEAR packages in your server.

i. Image_Canvas-0.3.1
[Linux Command to install : pear install Image_Canvas-0.3.1 ]

ii. Image_Color-1.0.3
[Linux Command to install: sudo pear install Image_Color-1.0.3]

If you have done with all the above stuffs, you are ready to install Image_Graph PEAR Package.

Linux Command: pear install Image_Graph-0.7.2

For Manual installation Download the Image_Graph and move it to the PEAR path.

Try Examples in Local:

1. Download Image_Graph Package
2. Unzip the package
3. Move the unzipped folder to the web root of your Apache [either www / htdocs].
4. You can access the examples using url : http://localhost/Image_Graph/docs/examples/

By exploring the examples, you will get to know the various way of implementation. Its very simple if you know the basics of PHP.

Issues Which I faced during production upload:

The problems which I faced are

1. Missing of Fonts:

I got a warning like “Warning: imagettfbbox(): Could not find/open font in /usr/share/php/Image/Canvas/GD.php on line 1245”

Solution:
This occurs if you don’t have the correct (or any) fonts in your Fonts directory, found at php/Image/Canvas/Fonts/. Make sure that you have the corresponding .ttf file located in your Fonts directory

2. Issues with Legends for Pie/Donut charts

I got one more issue, that legends are not shown for Pie/Donut Charts. Refer: http://pear.veggerby.dk/samples/show/id/gradient_pie/

I searched for solutions. Finally the issue is with Image_Graph PEAR Package. They have included 2 lines which caused the problem. I didn’t analyse the functioanlity of the 2 lines. But the solution is simple, comment that two lines in the installed package.

Solution:

1. You need to find the PEAR package’s include path.

2. By checking the phpinfo using method [phpinfo( )], you can get the path “include_path“

3. In file /usr/share/php/Image/Graph/Plot/Pie.php, comment the following lines
Line 502: // $this->_clip(true);
Line 616: // $this->_clip(false);

I hope this will defenitely help peoples who is going for “Image_Graph” PEAR Package. Enjoy coding