Monthly archive for July 2005

Phishing and Usable Security

From Cryptogram: a paper by Rachna Dhamija and Doug Tygar, researchers at the University of California, Berkeley, outlines a scheme to improve the tools users have in their hands to fight phishing.

They describe a couple of protocols, to be implemented by the browser and the server, which can increase the trust a user can justifiably place in an interaction with a web application.

The main point of the article is that the challenges posed by phishing can and should be solved with the usability of the solution for the user in mind. They therefore start by setting out some security properties that any solution to this problem should address (and so also suggest a methodology for evaluating anti-phishing approaches).
I find that these properties might have a more general application to secure software/service development.

Taking the usability of a security protocol into account makes it more effective by easing the burden on the human user (who is often the weakest link in the protocol).

A Google search turns up a good deal of information on security and usability (some interesting articles I found are here, among them the Usable Security blog).

Most Commonly Used Methods in ADF Business Components

ADF Business Components are part of a deep and wide framework which can be used to build database-enabled Java applications. It is very easy (also thanks to the JDeveloper IDE) to begin working with them and to build data-driven applications. But as with any such big framework it is sometimes difficult to gain a good enough understanding to go beyond the common usage patterns.

What is needed is higher-level knowledge of the way the various framework classes work together, and of which interfaces and API handles you can use to fulfil a specific application need.

This article from Steve Muench gives you:

a high-level description of the key ADF Business Components classes in the Oracle Application Development Framework, summarizing the methods that ADF developers write, call, and override most frequently.

When I began using BC4J in 2001 I spent quite some time understanding how the different pieces fit together, and some of the solutions I found were not quite correct (aka hacks…) from the framework's point of view. This document would have saved me more than a few headaches!

Also highly recommended for anyone working with ADF is Steve’s weblog: Dive into BC4J and ADF

XML Load and Parse from JavaScript

I needed to load and parse some OPML in JavaScript: any recent browser (i.e. Mozilla, Firefox or IE6) has the ability to asynchronously load a resource from the net (all the AJAX stuff is based on this); moreover, if this is an XML file it is possible to have it parsed into a DOM object.
But the browsers I tested don't parse the content returned from the server correctly if it cannot be identified as XML from the MIME type (or the extension). This can be a problem if you cannot set the MIME type returned by the server (e.g. it is someone else's server) and the extension is not .xml (in my case it is .opml).
A Google search didn't come up with a solution, so here is how I did it:

// Parse an XML string into a DOM document, whatever Content-Type the
// server sent: the parser is handed raw text, so the MIME type never matters.
function parse(text) {
	var doc;
	if (typeof DOMParser != 'undefined') {
		// Mozilla/Firefox
		var parser = new DOMParser();
		doc = parser.parseFromString(text, "text/xml");
	}
	else if (typeof ActiveXObject != 'undefined') {
		// IE: MSXML document object. async must be the boolean false
		// (not the string "false") so loadXML completes before we return.
		doc = new ActiveXObject("Microsoft.XMLDOM");
		doc.async = false;
		doc.loadXML(text);
	}
	return doc;
}

// Fetch url asynchronously and hand the raw response text to callback.
// responseText is used rather than responseXML because the latter is
// null when the server does not label the response as XML.
function load(url, callback) {
	var httpRequest;
	if (typeof XMLHttpRequest != 'undefined') {
		httpRequest = new XMLHttpRequest();
	}
	else if (typeof ActiveXObject != 'undefined') {
		httpRequest = new ActiveXObject('Microsoft.XMLHTTP');
	}
	if (httpRequest) {
		httpRequest.open('GET', url, true);
		httpRequest.onreadystatechange = function () {
			// readyState 4 = request complete; only act on HTTP 200
			if (httpRequest.readyState == 4 &&
				httpRequest.status == 200) {
				callback(httpRequest.responseText);
			}
		};
		httpRequest.send(null);
	}
}

I separated the loading and parsing phases, using DOMParser for Mozilla/Firefox and XMLDOM for IE and passing them the XML text. This has been tested with Firefox and Internet Explorer 6.
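Two caveats the post does not spell out, followed by an added example (not the original post's code) of what to do with the parsed OPML. First, the browser's same-origin policy stops XMLHttpRequest from reading a response from a third party's server, so fetching an .opml file from "someone else's server" in practice means relaying it through a proxy on your own origin (or, in current browsers, the remote site sending CORS headers). Second, a file you do not control is untrusted input: DOMParser does not throw on malformed XML but returns a document containing a <parsererror> element, and the outline attributes (text, xmlUrl, htmlUrl) can carry javascript: URLs or HTML that would execute if written into the page with innerHTML. In Gecko-based browsers, calling httpRequest.overrideMimeType('text/xml') before send() is the other way round the MIME-type problem, since responseXML is then populated regardless of the server's header; IE6 has no equivalent, which is why the text-based approach above is the portable one. The code below assumes a current browser with DOMParser and the WHATWG URL class (not IE6); the OPML and URL values in it are constructed for illustration, and the helpers that only use getElementsByTagName/getAttribute also run outside a browser against a stub document.

```javascript
// Added example (not the post's code). Assumes a browser with DOMParser and
// the WHATWG URL class; parseXml and renderOutlines need a real DOM, the
// rest is pure logic and runs anywhere.

// Link schemes an outline from a third-party OPML file may use. javascript:,
// data:, vbscript: and friends are rejected along with anything unparsable.
var ALLOWED_SCHEMES = ['http:', 'https:'];

// Return a normalised absolute http(s) URL, or null if the value is not one.
function safeHref(raw) {
  if (typeof raw !== 'string') return null;
  try {
    var u = new URL(raw.trim());
    return ALLOWED_SCHEMES.indexOf(u.protocol) !== -1 ? u.href : null;
  } catch (e) {
    return null; // relative, empty or malformed
  }
}

// DOMParser does not throw on bad XML: Gecko/WebKit/Blink hand back a
// document whose content is a <parsererror> element. Surface that as an
// error instead of letting callers walk a half-parsed tree.
function parseXml(text) {
  var doc = new DOMParser().parseFromString(text, 'text/xml');
  if (doc.getElementsByTagName('parsererror').length > 0) {
    throw new Error('XML parse error');
  }
  return doc;
}

// Reduce one <outline> element's attributes to a plain, vetted record.
// Missing attributes arrive as null and become '' or null respectively.
function sanitizeOutline(attrs) {
  return {
    text: typeof attrs.text === 'string' ? attrs.text.slice(0, 200) : '',
    xmlUrl: safeHref(attrs.xmlUrl),
    htmlUrl: safeHref(attrs.htmlUrl)
  };
}

// Collect vetted records from every <outline> in the document. Only
// getElementsByTagName and getAttribute are used, so a stub document
// with the same two methods is enough to exercise it.
function outlinesFrom(doc) {
  var records = [];
  var nodes = doc.getElementsByTagName('outline');
  for (var i = 0; i < nodes.length; i++) {
    records.push(sanitizeOutline({
      text: nodes[i].getAttribute('text'),
      xmlUrl: nodes[i].getAttribute('xmlUrl'),
      htmlUrl: nodes[i].getAttribute('htmlUrl')
    }));
  }
  return records;
}

// Render by DOM construction, never innerHTML: textContent is never
// interpreted as markup, and only vetted URLs become href attributes.
function renderOutlines(records, container) {
  var d = container.ownerDocument;
  var ul = d.createElement('ul');
  records.forEach(function (r) {
    var li = d.createElement('li');
    if (r.htmlUrl) {
      var a = d.createElement('a');
      a.setAttribute('href', r.htmlUrl);
      a.setAttribute('rel', 'noopener noreferrer');
      a.textContent = r.text;
      li.appendChild(a);
    } else {
      li.textContent = r.text;
    }
    ul.appendChild(li);
  });
  container.appendChild(ul);
  return ul;
}

// Glue with the post's load(), in a browser:
//   load('/proxy/feeds.opml', function (text) {
//     renderOutlines(outlinesFrom(parseXml(text)), document.body);
//   });
```

The split mirrors the post's own separation of loading and parsing: parseXml is the only place that touches DOMParser, outlinesFrom turns the tree into plain data that can be inspected and tested, and renderOutlines is the only place that writes to the page.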

The Game is Afoot

Geeks understand market competition about as well as men understand women.

More than once I have tried to find examples to explain why “technique” in computing is not everything, especially if you want to build and sell products or services; this article by Eric Sink does it perfectly… recommended to all microISVs (or aspiring ones!).