Saturday, June 2, 2007

Best of this Week Summary 27 May - 02 June 2007

  • This article shows why you probably shouldn't use subdomains to differentiate user accounts, as in http://username.mydomain.com, and gives a very good reason not to if you're using SSL. Use a REST-style path instead (as on Flickr and Del.icio.us), like http://www.mydomain.com/username/. One reason you *could* be using subdomains is to prevent XSS on sites with user-generated content...

  • How does OpenID work, and how can you integrate it into your applications?
    OpenID is an open centralized authentication approach. It provides the same functionality as SAML but is slimmer and lighter to use. The article gives a good overview and also goes into the protocol details. It also shows how to implement OpenID with OpenID4Java.

  • Firefox plugins are getting more and more attention from hackers, via man-in-the-middle attacks. An effective way of implementing this kind of attack is by setting up your own Wi-Fi access point, letting your malicious code scan for what comes by, and inserting a modified Firefox plugin. Plugins delivered over SSL connections, as on the official Firefox plugins website, do not run this risk (or, to be more precise, run it only to a very limited degree).

  • Of course the announcement of the availability of Google's Gears was a biggie.

    It consists of three major components:
    LocalServer:
    Database:
    and WorkerPool (async javascript):
    Dojo Offline will be ported to move its API on top of Gears. Trying to make this an industry standard, Google is working with Adobe to get it integrated with Apollo.
    You can also use the three components separately; you don't need to use them only for writing synchronization software.
    Note that the workers in the WorkerPool are not threads: they don't share anything with each other, so they should be considered separate processes rather than threads.
    Here are a couple of nice examples, with explanation, of how you can use Gears.
    The question you can ask yourself is whether we should go down this JavaScript road. It is so hard to create rich controls that always work well on all browsers. Are the desktop solutions (Apollo, JavaFX) the better way to go?
