Entries Tagged as 'Security'
TiddlyDocs User Authentication – Generic Design and Custom Features
August 14th, 2009 · No Comments · SoftwareDev
We are working on a design that will keep TiddlyDocs as generic as possible. The core TiddlyDocs product will have a concept of “rooms”. This is the same kind of room you see in online forums or chat sites, where everyone inside the room contributes and sees content inside the room they’re in, and can’t [...]
Tags: Osmosoft·Security·TiddlyDocs·tiddlyweb
The New Registration and Login Grammars
June 25th, 2009 · 8 Comments · HumansAndTech, SoftwareDev
There is a well-established “grammar” for how we sign up and log into websites. Provide your name, email and password; verify the email; login to the site with username and password until you’re timed out. You know the drill. But a wave of new web apps and protocols is challenging the status quo, breaking the [...]
Explaining the “Don’t Click” Clickjacking Tweetbomb
February 12th, 2009 · 5 Comments · SoftwareDev
I just noticed some of my Twitter friends posting the following mysterious message:
"Don't Click: http://tinyurl.com/amgzs6"
It turns out this is a Tweetbomb. If you go to that link and click on the button below, you end up tweeting the same thing:
... thus all your friends see it and some of them click on it and re-post [...]
Tags: Clickjacking·Security·Twitter·Web
Frame-Busting Gadgets
September 16th, 2008 · 3 Comments · SoftwareDev
In the questions after my @media ajax talk, Simon Willison asked about frame busting. If gadgets sit inside iframes, what's to stop them from busting the frame, i.e. replacing the container with another website? I notice he made a similar comment when OpenSocial came out. If a gadget can cause iGoogle to go away in [...]
Tags: Add new tag·Ajax·AjaxPatterns·Gadget·iGoogle·OpenSocial·Security
OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing
November 10th, 2007 · 22 Comments · HumansAndTech, SoftwareDev
OAuth, OpenID... they sound like the same thing and they kind of do vaguely similar things. But I'm here to tell you, OAuth is not OpenID. They have a different purpose. I've been playing around with OAuth a bit in the past couple of weeks and have a grip on what it's aiming to do and [...]
Ajax Functionality and Usability Patterns – Podcast 4 of 4: Functionality Patterns
September 23rd, 2006 · 2 Comments · Links, Podcast, SoftwareDev
This is the fourth and final podcast in the series on Ajax functionality and usability patterns (Book: Part 4, pp 327-530). This 54-minute podcast covers seven patterns of Ajax Architecture (Book: Chapter 17, pp 473-530):
Lazy Registration, Direct Login, Host-Proof Hosting, Timeout, Heartbeat, Unique URLs, Dynamic Favicons
Dedicated to the Nitobians, whose last podcast inspired me to crank another one out again. Recent events [...]
Tags: AjaxPatterns·DHTML·Encryption·Javascript·Links·Security·Web·Web2.0
Wikipedia as a Honeypot
December 7th, 2005 · No Comments · HumansAndTech
How long until Wikipedia becomes a honeypot?
"Who wants to be a millionaire" contestant is struggling to answer the question, "What year did the Fonz jump the shark?", and calls out to Lifeline Buddy. Back in 2005, Lifeline Buddy would have googled for the answer. But this is 2007, and "wiki" is now a household name [...]
Host-Proof Authentication?
November 30th, 2005 · 1 Comment · HumansAndTech, Links, SoftwareDev
Abe Fettig's done some important experimenting to arrive at a direct remoting technique, one which bypasses the need for a Cross-Domain Proxy and doesn't rely on cross-domain On-Demand Javascript. Compared to the latter technique, Abe's idea is more functional, because you get the power, expressivity, and bidirectional capability of XMLHttpRequest, as opposed to the On-Demand [...]
Tags: AjaxPatterns·Javascript·Links·Remoting·Security·XMLHttpRequest