Cognifide

Sitecore Fields – cast and use

Recently I was working on a tool that exports/imports content and resources in and out of sitecore for the purpose of managing translations. While doing some basic code operations I stumbled on a little catch with Sitecore Item’s Fields.

Continue reading: Sitecore Fields – cast and use

Review – Application Security Testing Tools

Although your web application’s security is a critical issue nowadays, some companies tend to underestimate the magnitude. This is very unfortunate as security holes can affect not only your brand or profitability but more importantly, your users’ data which can potentially lead to further problems. It’s obviously a good practice for a company to seek services of a specialist firm specializing in web security (especially if it doesn’t have an information security wing). The intent of this post however, is to delve into what a  QA’s role is when it comes to security.

In an ideal world, the QA team should have a security specialist. But what if this isn’t always possible? Well, even if we can’t do something perfectly (due to the lack of specialized knowledge), let’s at least do what we can. Anyone can really perform a basic security audit that will detect and eliminate so called “low-hanging fruits” (I’m referring to obvious security holes that could be exploited by an inexperienced attacker).

Even if you have absolutely no knowledge of security, you can use a wide range of tools available on the market that will help you scan for some potential problems.Of course, to use a tool however it would be good to have some basic knowledge so we know what we’re actually testing.

For starters, it may be a good idea to visit the OWASP Top 10 Project  that lists top security vulnerabilities for the previous year. Chances are that not all of them will be applicable to your project (i.e. if your website does not use any database then you are definitely not vulnerable to SQL injection).

Continue reading: Review – Application Security Testing Tools

Microsoft Smooth Streaming part 3

Introduction

In my last post about Smooth Streaming I explained the basic configuration that one needs to stream smooth videos. Just a quick  reminder -  all you need is Windows Server 2008, IIS, Media Services and Transform Manager to encode your video files to Smooth Streaming format. If you want to have more control over the encoding or need to incorporate it to a bespoke application, you need to go deeper.

Now, let’s look into how to use the Expression Encoder Object Model.

Continue reading: Microsoft Smooth Streaming part 3

Complex layouts in Sitecore using standard values hierarchy

This post concerns Sitecore 6.5.0 (rev. 111123).

Sitecore 6.4.0 introduced an awesome feature called “layout deltas”. In a nutshell, changes made to the presentation of an item are now stored as “deltas”. In the rendering pipeline, information stored in the standard values for the template is automatically merged with the “delta” for the item. What is the benefit of this? You can modify the presentation of standard values and the changes will be automatically reflected for all pages based on the template.

Unfortunately, this mechanism works only between an item and the template that it is directly associated with. However, you may want to create a hierarchy of templates, wherein generic templates hold common parts of the presentation and specific templates add more details to it. An example:

• Base template defines common header and footer
• Content template inherits from the base template adding navigation and sidebar
• Hub template inherits from content adding carousel control
• Article template inherits from content adding title, author and article content to the presentation.

When we start implementing this hierarchy we will run into an issue: As long as a child template does not change the layout, i.e. __renderings field in the standard values is empty, the presentation is inherited from the parent. Once you start adjusting the presentation in a child template, Sitecore will copy __renderings field value from the parent and apply your changes there. Since standard values are not regular items, they store full definition of the layout, not “deltas”! So if you decide at a later instance, to change the footer from our example, you will need to apply the same change to all four layouts.

Alistair Deneys in his blog proposed the so called Composite Presentation Inheritance to solve this problem. His approach works fine, but it affects rendering performance and uses “fake” layouts, which might be confusing to some editors. Below, I present an approach that is completely transparent to the Sitecore CMS users.

Continue reading: Complex layouts in Sitecore using standard values hierarchy

Cognifide @ meet.js

Last Saturday, 14th Jan 2012, Front-end freaks have met in Poznań on Meet.js Summit. It was a free event, one of the biggest conferences of that kind in Poland. People from Wroclaw, Cracow and Warsaw came to Poznan to summarize what they discussed last year on their local meet.js meetings. About 250 people attended two tracks of this conference.

One of the speakers was our Cogger Bartek Szopka. His very well received presentation about CSS 3D Transforms turned him into a kind of celebrity among Polish front-end developers. Attendees were very impressed with his work. Congratulations!

Cognifide also had its own stand on PP – with very popular and so tasty fudges. We were talking with front-end guys, sharing stories about Cognifide and answering questions about what the company is really doing…

But more importantly Cognifide sponsored Meet.js Summit afterparty (a.k.a. Cognifide Party) in Alcatraz Club in the evening. About a hundred developers and 800 glasses of beer – it was really spectacular. Everyone had a great time, talking not only about front-end technologies. And they all enjoyed our Cognifide gadgets – bottle openers and beer mats with Cognifide logo.

Check out meet.js Facebook gallery for more photos.

Branding Microsoft SharePoint Sites And Applications

Organisations tend to work hard in creating a smashing brand identity. Visual presence on the internet is especially important, as nowadays it is not uncommon for people to encounter new brands on the go. Many businesses tend to view their intranet sites and other internal web applications as important as their external applications. Here is a brief summary of how you can add custom branding to sites built on SharePoint 2010, which has become a widely used platform for creating all sorts of both public facing and internal websites.

Continue reading: Branding Microsoft SharePoint Sites And Applications

Integrating Adobe CQ with SiteCatalyst

It’s old news that with the Adobe Digital Enterprise Platform(ADEP) CQ 5.4, you can easily connect from CQ to Adobe SiteCatalyst report suites by simply entering your SiteCatalyst login credentials and all your basic reports would be available in a jiffy. Plus, you could edit additional parameters using the Page Data tab, map parameters of interest using the Clickstream cloud and even, set up Event Tracking. Sweet!

So, what more does ADEP WEM CQ 5.5 offer you with respect to web analytics?

Continue reading: Integrating Adobe CQ with SiteCatalyst

Microsoft Smooth Streaming part 2

In my previous post on Microsoft Smooth Streaming I highlighted a problem we had when sharing videos recorded during our internal knowledge sharing sessions. Initially, we just uploaded them to an FTP location but the number of viewers was really low and it became hard to show them to our partners. That’s when, we decided to use Microsoft Smooth Streaming as a solution to our video transmission/ delivery problems.

In this post, I will focus more on the technical aspects – the installation and configuration of all necessary components and video conversion using the Transform Manager. In the next post, I will discuss how to encode a video using the Expression Encoder Object Model.

Continue reading: Microsoft Smooth Streaming part 2

Html response store for Sitecore

Some time ago I worked on an Sitecore portal where one of the requirement was that the site must look nice on number of mobile devices. It wasn’t easy to debug problems with html for all the devices, especially as there is no obvious way of accessing the html source of the pages rendered for the device. And many times it’s hard to get the exact model of the phone for which the problem occurs.

We’ve tested the site against number of device models and we were happy with what we achieved, but one of the customer’s employees said that the site looks incorrect on a Blackberry. When I asked about the model details, the only response I got was “Blackberry with OS 6″ and that was it. Fortunately, I had developed the solution described below and I had deployed it on the servers before the tests. By  asking when the test was performed, I was able to find the exact model and type of the device. And guess what, we’ve found out that the model prepared for the French market displayed the site in a different way than the model for UK market (which we used for tests).

But lets start from the beginning. While developing the site I came up with an idea to store the responses (with some additional details about the request) on the server, so if an issue is raised, I may check what was the exact type and model of the device and what html response the application sent, knowing only the time the page was accessed. The solution is pretty simple and can be easily enabled and disabled by the single-line change in one of the configuration files.

Continue reading: Html response store for Sitecore

Adobe CQ 5.5 – Platform Architecture Refurbish

This year I got an early Christmas gift: a beta version of the upcoming Day CQ 5.5 – the newest incarnation of the Adobe Digital Enterprise Platform. The previous version was released soon after Adobe acquired the product and had but subtle touches made to it. This one seems more like the first stage in a major review of the whole architecture. Let’s see what changed and how it affects migration and future work on the platform.

Everything is running in OSGi

This has been rumoured about for quite a while and came more as a relief than a surprise. CQ 5.5 is finally a 100% OSGi application. Now, what does that really mean?

For as long as I remember (and that dates back to the days of Communiqué 4), CQ has been a set of two webapps running in a standalone servlet engine (by default: CQSE). The first application was CRX, and the second WCM – in CQ5 called “Launchpad”. Launchpad is an OSGi application with Sling, WCM, DAM and the rest of the family. In the two-webapp setup, Sling is accessing CRX using JNDI via an in-memory service provider. Well, it works, but feels awkward – we’ve got OSGi and yet, we use it only for a part of the application. Of course, one could argue that it is a sound failover – even when your OSGi goes wahoomi, you still have access to CRX over HTTP (so e.g. data backup is still an option), but I’ve always asked myself – is it really worth it?

Continue reading: Adobe CQ 5.5 – Platform Architecture Refurbish