Why the Boss makes YOU make a List or Proposal
From time to time, I’ve been asked to make a list of my design ideas, or to develop a better proposal for an idea I have. This really irritated me: didn’t he believe me? Didn’t he trust my ideas?
Just saw this really cool example get submitted on one of my websites testing for CSRF:
I thought I’d take some time to look at the 3 main ways that I’ve handled forgotten passwords on my websites, why I did them that way, and if there was anything wrong.
After reviewing the Google JavaScript API project, I am torn. Pros and cons below… What do YOU think?
I remember a while ago hearing about a few theoretical collisions of the MD5 algorithm, but I thought nothing of them. Now, as more information emerges, Microsoft is issuing advisories, and people are proving more and more collisions with example code, and even MD5 is out of Vista, I figure it’s time to remind everyone not to use MD5.
After many times of coding relatively the same thing, it becomes prudent to have a standard library for certain sets of processes. Of course - that is why there are things like frameworks! At any rate, one of the biggest things I run into is password complexity. Each website has its own requirement for the security they want to implement. So, let’s talk about the requirements and then look at the code:
I really hate to see people accessing and designing objects with public attributes. So many times I’ve seen this backfire. Let’s take a few examples and see why this matters:
While communicating with other coworkers, they generally just give me a trac ticket # and not the full URL. And, as a lazy programmer, I hate typing in the full URL or loading up trac and searching the #.
While searching for employment, I realize I can’t be super picky - but my household does have needs! Because of this, I’ve developed a quick calculator / bookmarklet for the browser that I thought I’d share. It allows you to enter a yearly or hourly amount, and it shows the corresponding amounts. This tells you if that salary posting fits within your needs.
After looking at the Windows model for controlling file access, I realized I could also do that for user authorization control.