Generic capability-based security (CSRF prevention)
23 Aug 2007
Over time I have become more and more interested (concerned?) with the security aspects of web development, and lately I've been looking at defense tactics against CSRF-type attacks. To put CSRF into layman speak using a typical example, it's an exploitation of sites where the only means of checking whether or not to do something is to check if the request came from a logged...
Don't mail me my site errors
19 Apr 2007
I wrote recently about how to have your site(s) email you whenever a problem occurs. Trouble is, "problem" turns out to be a rather broad scope. If you have a missing file or fundamental problem of some kind, you would want to know so you can fix it; if there was a dead link on your site, you would also want to fix it; if someone just mistypes the URL (or follows a link...
Anti Spam tactics
07 Jan 2007
Isn't spam great? Every day I get new inspiration in my email for Spamusement (which seems a bit neglected lately), and lately attempts to inspire me via comments on my site have been getting through. Trouble is, I've already got a big willy, my breasts are ample, the cupboard is stocked with Viagra, my insurance isn't up for renewal, and I don't trust stock tips from anyone...