rajeeshcv.com

Sharing my knowledge

One of the Top E-Commerce Websites in India Stores Passwords Incorrectly

Disclaimer: I am not a security expert nor a hacker, but just a developer.

This incident made me feel very bad. A couple of weeks ago I ordered a product from naaptol, a well-known e-commerce website in India. It was the first time I was ordering something from them, so I had to register first. After the registration was completed, I got a confirmation email from them.

Oops!!! My password is in clear text.

I thought they might be generating the email during the registration process, before the password is stored in their database. Without bothering much, I ordered the item. I thought about investigating this a little bit, but somehow forgot about it.

A few days later, when I got the product I had ordered, it reminded me of this password incident. So, in order to see whether they are hashing my password or not, I used their “Forgot my password” option. It asked for my email address. After the submission I got a message saying

We' have sent you an e-mail at the submitted ID including instructions. You'll be back to your shopping place in no matter of time.

As expected, I got an email from them.

It reads “Here is your new Login and Password” and, surprisingly, the password they gave is the same as my old password, even though the email says that they are sending a new password. It confirmed that they are not hashing the passwords.

Will it be in plain text? Who knows…

Did someone tell you internet is not a good place to store your secrets?

I tried to play a nice role, so I sent them an email telling them about the password hashing problem. You know what happened… no reply from them till now.

If you are in the naaptol technical team, convince your boss about the importance of securing the password and push that functionality in the next release.

If you are a non-technical manager in naaptol, tell your developers to read this article from Jeff - You're Probably Storing Passwords Incorrectly
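
What this post checks for, seen from the implementing side: an added example (not from the original post and not naaptol's code) that stores only a salted PBKDF2 hash and makes “Forgot my password” issue a one-time reset token instead of mailing the old password back. The in-memory dicts, the function names, the iteration count and the token lifetime are assumptions for illustration.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed; tune per hardware)
RESET_TTL = 15 * 60    # seconds a reset token stays valid (assumed policy)
users = {}             # email -> (salt, derived_key); stand-in for the user table
resets = {}            # sha256(token) -> (email, expiry); the raw token is never stored

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _store(email, password):
    salt = secrets.token_bytes(16)          # fresh random salt per password
    users[email] = (salt, _derive(password, salt))

def register(email, password):
    _store(email, password)
    # Confirmation mail carries no password: it is not needed and not kept.
    return f"Welcome {email}, your account is ready."

def login(email, password):
    if email not in users:
        return False
    salt, key = users[email]
    return hmac.compare_digest(key, _derive(password, salt))

def forgot_password(email, now=None):
    """Issue a one-time reset token to e-mail; the old password cannot be sent
    because only its salted hash exists. Returns None for unknown accounts
    (the caller should show the same message either way)."""
    if email not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    resets[hashlib.sha256(token.encode()).hexdigest()] = (email, now + RESET_TTL)
    return token

def reset_password(token, new_password, now=None):
    now = time.time() if now is None else now
    entry = resets.pop(hashlib.sha256(token.encode()).hexdigest(), None)  # single use
    if entry is None or now > entry[1]:
        return False
    _store(entry[0], new_password)
    return True
```

With storage like this, a reset email that contains the user's existing password is impossible, which is why receiving one is a reliable sign that the site keeps passwords in a recoverable form.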

Web Usability – avoid an extra page load with OpenSearch.

Nowadays most websites, blogs or other applications on the internet have a search functionality, which is great!!! Before the Omnibox concept was introduced by Google Chrome, if I wanted to search for something in Google, as a user I needed to go to www.google.com and type the search query. After the introduction of the Omnibox, the user doesn't need to open the Google website; instead you can do the search from the address bar itself. From the usability point of view, it is a great functionality IMHO.

From the point of view of the Google search application, they have done it smartly. As a web developer, how could you provide the same usability feature on your own website? Some of the websites I frequently visit have done it like this.

http://www.stackoverflow.com 

If you are in Google Chrome, after you type stackoverflow.com a message will be displayed in the address bar saying “Press Tab to search Stack Overflow”. If you press Tab, you can type the search query directly in the address bar, and pressing Enter will show the results. This basically allows you to do a quick search, instead of going to the website, finding the search box and pressing the search button (a long process, isn't it? :) )

Read more...

MVC - Rendering view elements in a specified order

In my current project, I had to render elements in the view based on a setting provided by the model (basically it is a configurable thing). A few clients need the view elements to be rendered in a particular order, and a few others in a different order. What we did was save this element order in a settings file which could be changed per client, and then create an extension to render the elements in that order.

This is what I was trying to explain. For Client 1, the “Login section” is to be displayed first, followed by the “Password reminder section”.

For Client 2, these sections need to be ordered differently.

In order to achieve this, I came up with an HtmlHelper extension:

/// <summary>
/// Renders the render items in the provided sequence order.
/// </summary>
/// <param name="htmlHelper">The HTML helper which is extended.</param>
/// <param name="sequenceOrder">The order in which items to be rendered. Sequence starts at an index of 0.</param>
/// <param name="renderItems">The items to be rendered in order.</param>
/// <remarks>
/// Values in the sequence order should match with the total number of render items. 
/// Invalid sequence numbers are ignored.
/// </remarks>
public static void OrderBy(this HtmlHelper htmlHelper, int[] sequenceOrder, params Action<HtmlHelper>[] renderItems)
{
    if (sequenceOrder != null && renderItems != null)
    {
        foreach (var sequence in sequenceOrder)
        {
            // Check whether the sequence number is within the bounds
            if (sequence < renderItems.Length && sequence >= 0)
            {
                renderItems[sequence].Invoke(htmlHelper);
            }
        }
    }
    else if (renderItems != null)
    {
        // If the sequence order is not provided, render it in normal order in which items are declared.
        foreach (var renderItem in renderItems)
        {
            renderItem.Invoke(htmlHelper);
        }
    }
    else
    {
        // Do Nothing
    }
}

In the view, you could do

<% Html.OrderBy(this.Model.LoginDisplayOrder, (html) => { %>
    <div class="container"></div>                
    <% Html.RenderPartial("LoginSection", this.Model); %>
<% }, (html) => { %>
    <div class="container"></div>
    <% Html.RenderPartial("ReminderPassword", this.Model); %>
<% }); %>

Here Model.LoginDisplayOrder is just an array of integers giving the order in which the items are to be rendered. Hope this will help.

Create a live aquarium wallpaper in Android

Download the source code: http://www.rajeeshcv.com/download/LiveAquariumWallpaper.zip

Android package: http://www.rajeeshcv.com/download/LiveAquariumWallpaper.apk (I have only tested this in the SDK simulator and haven’t considered all the screen sizes, so you may find some UI glitches)

A few weeks ago I started learning Android programming, so this article is an outcome of that outside-office study :). Here I will be explaining how to create a live wallpaper which looks like an aquarium with fishes swimming across the screen. The fish animation is done using the sprite technique.

Courtesy:
  1. Fish sprite used here is from a code project article - http://www.codeproject.com/KB/GDI-plus/LovelyGoldFishDeskPet.aspx
  2. Creating animation using sprites - http://www.droidnova.com/2d-sprite-animation-in-android,471.html

Let's get started… Start by creating a new Android project in Eclipse (I am not familiar with any other IDEs for Android development :) ). Now create a class for your live wallpaper service; I called it AquariumWallpaperService. It instantiates the AquariumWallpaperEngine. This engine is responsible for creating the actual Aquarium class, which does all the rendering logic. It also controls the flow of the Aquarium based on Surface callbacks. Below is the code for AquariumWallpaperService:

import android.service.wallpaper.WallpaperService;
import android.view.SurfaceHolder;

public class AquariumWallpaperService extends WallpaperService {

    @Override
    public Engine onCreateEngine() {
        return new AquariumWallpaperEngine();
    }

    class AquariumWallpaperEngine extends Engine{    

        private Aquarium _aquarium;

        public AquariumWallpaperEngine() {
            this._aquarium = new Aquarium();
            this._aquarium.initialize(getBaseContext(), getSurfaceHolder());
        }

        @Override
        public void onVisibilityChanged(boolean visible) {
            if(visible){
                this._aquarium.render();
            }
        }

        @Override
        public void onSurfaceChanged(SurfaceHolder holder, int format,
                int width, int height) {
            super.onSurfaceChanged(holder, format, width, height);
        }

        @Override
        public void onSurfaceCreated(SurfaceHolder holder) {
            super.onSurfaceCreated(holder);
            this._aquarium.start();
        }

        @Override
        public void onSurfaceDestroyed(SurfaceHolder holder) {
            super.onSurfaceDestroyed(holder);
            this._aquarium.stop();
        }
    }
}

The Aquarium class wraps all the rendering logic, as well as creating the fishes. It also starts a thread which is responsible for updating the view.

Read more...

It’s better to automate, instead of checklists

In my day to day activities I have seen many checklists like

  1. Code review checklist
  2. Source control check-in checklist
  3. Developer checklist

All these are good because they help to reduce failures, but does everyone follow them all the time? Sometimes I (or any developer) forget to go through the checklist for many reasons, like time constraints, lack of concentration etc., and I don’t think we should blame anyone for missing this because “We all are humans and we tend to forget”. The only way we can reduce these mistakes is to automate wherever possible!

In my current project, every aspx page should have the direction (dir) attribute in the html tag as part of the localization work. As usual, an email checklist for localizing an aspx page was sent to all the developers; one item on it was to include the “dir” attribute whenever they add a new aspx file. Everybody followed this in the initial stages, but later everybody forgot about this requirement, which caused extra hours of effort to fix it in all the pages. It could have been avoided if we had an automated process which verifies this.

One way to automate this is to write a custom MSBuild task which verifies whether an aspx file has the “dir” attribute and, if it doesn’t, fails the build (this whole idea came from http://blogs.msdn.com/b/simonince/archive/2009/07/10/enforcing-unobtrusive-javascript.aspx). If you want to learn about writing a custom MSBuild task, I suggest http://msdn.microsoft.com/en-us/library/t9883dzc.aspx

So below is the code which creates this custom MSBuild task

Read more...

User experience makes applications stand-out

What makes your application different from others? I strongly feel the user experience that you provide plays an important role in being successful. Some of us might have felt this (at least I have): you wake up one day with a brand new idea, but later you realize that somebody implemented it a year back. That is a frustrating feeling; I have been in that situation so many times. So even if that idea already exists, how do you make it a successful one?

Say you are going to enter a world where there are n number of similar applications; how will you attract the users? A great example may be GMail. IMHO they entered the party when Yahoo and Microsoft were ruling the email market, but now GMail is much more popular than other email service providers. One reason I could think of for this success is the experience that you get as a user.

Not sure whether anybody has noticed this or not, but today when I was about to send an email to my friend, I got a message box saying “Did you mean to attach files?”

Yes, GMail reminded me to attach the file. I was surprised to see this. GMail had intelligently scanned what I typed in the email message and gave me a suggestion before sending… WOW!!!!! I checked whether Yahoo mail has got this feature: not yet. That makes GMail stand out from the others.

Asp.Net MVC - Fluent Html helper for FlexiGrid

There are so many free jQuery grid plugins out there; among them I liked FlexiGrid just because of its look and style. In order to use it in your MVC application you may have to put the JavaScript code into your view, which requires the property names of your model in order to generate the grid columns as well as the search options etc. As everybody knows, when you deal with hard-coded strings as property names in any code, it is error prone.

In order to avoid this problem I thought of creating an HTML extension which is tightly coupled with the data that is going to be bound to the grid. It saves the developer from writing any JavaScript code (I know those who hate writing JavaScript code (not me! :)) will like this extension).

This project has been uploaded to - http://code.google.com/p/mvc-fluent-jquery-plugin-controls/. You could find more details from there.