Components

90% of the background components and methods are dumb. That is, they simply call into the database to retrieve data from a stored procedure using the octogenarian code, SQLConnector. This database library is nearly as old as Northwoods and has not really changed much over the years. Those 90% are self-explanatory and will not be discussed in detail. Only those components that do something will be discussed.

 

Shared Files

The components solution file is the location of files common to all solution files. In particular:

  • CommonAssemblyInfo.cs stores the version and Titan copyright version. Every project in the Titan system references this file and strips down its AssemblyInfo.cs to only project-specific information.
  • EventLogNames.cs stores constants for Titan-specific event log usage.
  • CounterNames.cs stores constants for Titan-specific performance counters.

 

AppControl

The AppControlData project contains 2 classes that are used for communicating with the AppControl database. AppControlData is the base class and provides simple key get routines; CmsAppControlData has getter properties for many of the more commonly used AppControl variables. AppControl uses a static constructor to load its cache. There is no reload mechanism. Thus, once loaded, the only way to reset the AppControl cache is to reload the components (e.g., restart the background service or recycle the web services).

 

Logging

CMS Version 3 used a Microsoft application block for logging. It was overkill for Titan and did not have a consistent installation process, causing multiple installation headaches. With the introduction of the health monitoring API, Titan dropped the application block. The health monitoring API is lighter weight and, given that no one has actually made use of the trace features built into the components, lighter weight is better. The CmsLoggingSupport project builds the NWS extension components.

 

User Management

User management, via InternalAuthenticationFunctions.cs, calculates the password hash. Yes, doing your own password storage and validation is bad. However, Microsoft’s libraries did not fit the Titan model and we wanted to pull away from the AD/AM dependency.

Titan generates a cryptographically random salt per user and stores the salt in the database along with the user record. The purpose of the salt is not to be secret, but to increase the amount of time a dictionary attack will take if your database is compromised. One salt/user is sufficient for this purpose.

The hash itself is generated with SHA256, the smallest hash that, at the time of implementation, did not have a known exploit. To blunt attacks that depend on how quickly a hash can be calculated, the hash is executed 100K times before storage.
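The scheme described above (random per-user salt, SHA256 run 100K times, salt stored with the user record), written out as an added example; this is not the code in InternalAuthenticationFunctions.cs. The type and member names, the 16-byte salt length, UTF-8 encoding, the salt-then-password ordering and the fixed-time comparison are assumptions, and it targets .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added illustration; type and member names are hypothetical, not Titan's.
public static class SaltedIteratedHash
{
    private const int SaltBytes = 16;        // assumed salt length
    private const int Iterations = 100_000;  // "100K" from the text

    // Cryptographically random salt, one per user, stored with the user record.
    public static byte[] NewSalt()
    {
        byte[] salt = new byte[SaltBytes];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return salt;
    }

    // Assumed construction: SHA256(salt || password), then re-hash the digest.
    public static byte[] Hash(string password, byte[] salt)
    {
        byte[] pw = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[salt.Length + pw.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pw, 0, input, salt.Length, pw.Length);
        using (SHA256 sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(input);
            for (int i = 1; i < Iterations; i++)
                digest = sha.ComputeHash(digest);
            return digest;
        }
    }

    // Recompute with the stored salt; compare without an early exit on mismatch.
    public static bool Verify(string password, byte[] salt, byte[] stored) =>
        CryptographicOperations.FixedTimeEquals(Hash(password, salt), stored);

    public static void Main()
    {
        byte[] saltA = NewSalt(), saltB = NewSalt();  // two constructed users
        byte[] hashA = Hash("same-password", saltA);
        byte[] hashB = Hash("same-password", saltB);
        Console.WriteLine("same password, same stored hash: " +
            CryptographicOperations.FixedTimeEquals(hashA, hashB));
        Console.WriteLine("correct password verifies: " + Verify("same-password", saltA, hashA));
        Console.WriteLine("wrong password verifies: " + Verify("guess", saltA, hashA));
    }
}
```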

 

Search Components

Over the years, the Search Components have required little to no maintenance. They have functioned well. That said, there are some things worth noting:

  • Search was designed to be a pluggable component.  However, at this point in time there is only one plugin, dtSearch.  There had been plans to create a plugin based on the Google appliance or SQL’s full-text indexing capabilities.  Neither of those plugins was ever built. 
  • Search makes use of “Cassini”, the ability to create a stand-alone web server.  Instead of connecting directly to the existing display server, we create an independent web host that can serve up the web page content.  This off-loads the nightly indexing task from the actual web server and allows us to control the content that is rendered for indexing. 
  • The utility program “CheapTest” is a command-line program that lets you directly start and step into a build or start and step into a search request.  Realize, though, that dtSearch is threaded, so you cannot step directly into the indexing operation.

 

Browse Views/Advanced Search

Both the browse views and advanced search generate dynamic SQL inside the component layer. Neither generates the full SQL statement; instead, each generates parts of the query. Those parts are sent to the database, combined into the full SQL statement, and executed. The component code is pretty straightforward, even to the point of the replace code.
