Tag Archives: Development

10 Rules to Protect User Passwords

1 May

loginformMost programmers take a pragmatic approach to security and scale their efforts based on an estimate of the sensitivity of the data they are storing.

The unfortunate truth is that password security is frequently underestimated, making it easy for credentials to be sniffed or stolen.  Users often keep a very small collection of passwords, with many people memorizing a small collection and using them on almost every site and service they use. A password compromise on one site can lead to a compromise on many.

Continue reading 

Tags: , ,

On Omitting Protocols From HTTP/HTTPS URLs

14 Sep

Many websites offer the flexibility to display the same page via both SSL and HTTP. The major problem with offering this is the possibility that embedded content will not be served via the same protocol; many browsers will throw an error if an SSL page embeds HTTP images.

However, there is a simple and W3C valid solution to this problem. Simply omit the protocol and colon from the URL:
<img src="http://isnoop.net/sa/av.jpg">
becomes
<img src="//isnoop.net/sa/av.jpg">

This works with embedding images, links, javascript embeds, and other link types.

The drawback to doing this everywhere is that you must be conscious as to whether the resource you are linking to is available on both SSL and HTTPS. Embedded scripts from services like Google Analytics are well served by this technique. If your enterprise uses a dedicated image hosting server, this is also a highly appropriate solution.

Tags: , , , ,

A Letter to an Aspiring PHP Programmer

6 Aug

Below is an email I got through Zend’s certified engineer website. The questions posed by the writer below are not uncommon, so I have posted his letter and my response for general consumption.

Continue reading 

Tags: , ,

Follow

Get every new post delivered to your Inbox.

Join 193 other followers