Blog

October 8, 2024
in AL
2 min read

Isolated Storage is no guarantee of security

During code reviews and the analysis of partner apps, I have often noticed that centralized "Isolated Storage Management” codeunits are created which have getter and setter procedures. This is certainly nice from a code structuring point of view, but from a security point of view it's a nightmare.

The AppSourceCop gives an indication of the security problem:

AppSourceCop Warning AS0081 - InternalsVisibleTo should not be used as a security feature.

The InternalsVisibleTo setting will expose your internal objects to any extension with the given name, publisher, and ID. Access modifiers are not designed to be used as a security boundary, but for API development.

Source

This message is unfortunately ignored far too often, but it is really important!

October 30, 2023
in DevOps
4 min read

Using GitHub Codespaces for AL development

From an DevOps and develop experience (DX) point of view, the announcement that the Visual Studio Code extension for AL development now runs on linux (src) was super exciting for me. At first glance this is not a great thing as most of us have little contact with ubuntu and its ilk in our professional lives. But the Linux support is the basis for remote development and GitHub Codespaces.

October 23, 2023
in General
2 min read

Hello World

After i have been thinking about it for a long time i have decided to start a blog.

Let me introduce myself and explain what to expect.