Coding Best Practices Part 3
This blog outlines coding practices that any professional developer using the finPOWER Connect API should adhere to.
finPOWER Connect is written entirely in VB.NET. All sample scripts are also written in VB.NET. Although C# is an option, Intersoft Systems does not provide support for this.
In this third blog we will look at Secure Coding Practices and Programming Languages.
Related Blogs
More information is available in the finPOWER Connect Programming Guide.
Best Practices
Secure Coding Practices
Intersoft strongly recommends that script authors apply Secure Coding practices and principles whenever writing scripts for finPOWER Connect. More information can be found at the Open Worldwide Application Security Project (OWASP) web site https://owasp.org/.
For example:
- Ensure servers, frameworks and system components are running the latest approved version.
- Remove test code or any functionality not intended for production, prior to deployment.
The following additional resources are available at the OWASP web site:
- OWASP Secure Coding Check List:
- OWASP Developer Guide (draft):
- OWASP Code Review Guide:
For more information regarding OWASP compliance within finPOWER Connect, please request a copy of the finPOWER Connect OWASP Check List Compliance Guide.
Programming Languages
finPOWER Connect is written entirely in VB.NET. Sample Scripts, HTML Widgets, Documents, etc. are also written in VB.NET. Although C# is an option, it is not discussed in this document and is not directly supported by Intersoft Systems. If you are considering using C#, please review the following points:
- All documentation, programming guides and blogs are written with VB in mind and the sample code supplied in them is written in VB.
- All sample Scripts, HTML Widgets, Documents, etc. are provided as VB code.
- The supported C# version is 7.3 (limited by the .NET Framework). Currently C# is at version 11.
- Some functionality may be harder to use or even not work.
- Decision Card Rules only support VB.
- Just because something works in VB doesn't mean it will work, or work as well, in C#.
- If a sample Script, Document, HTML Widget, etc. (all written in VB) changes in a future version, it becomes much harder to update a script that has already been converted to C#.
- This is a major drawback.
- Converting everything to C# is a huge and costly job that would take a long time.
- The .NET Framework is the same, regardless of the language used.
- The major learning curve is the finPOWER Connect Business Layer.
- Therefore, as we only supply VB samples and the associated reference materials are VB-centric, it may be difficult for a programmer new to the software to pick up the Business Layer and start scripting in C#.