Just two quick updates today:
1. A Correction To Last Tuesday’s Post
In Off the Record: Passwords, I recommended the use of SHA1 rather than MD5 hashes when storing passwords. Since then, I have encountered a persuasive argument in favor of abandoning both of them and using bcrypt instead, as it’s designed to be less [...]
In 1999, I accepted a programming job with a company selling voicemail service. When it came time for the boss to demo the company’s product for me in full, he wanted to show me some feature that needed my PIN to be entered. Rather than having me enter it, he turned to his [...]
February 25, 2009 – 16:00
In Validation Vexation, I wrote a bit about ways that validation rules for user-entered data can go awry by being too narrowly defined. This post adds three more principles for dealing with data validation, which are primarily focused on the results of the validation rather than the rules used to do it. The examples [...]
February 23, 2009 – 16:37
Be liberal in what you accept, and conservative in what you send.
- Postel’s Prescription
Previous posts here have discussed reducing the burden of data entry on your application’s users by cutting down on the number of items that they are required to provide and, even if something is required, allowing it to remain incomplete for as [...]
February 16, 2009 – 16:21
Near its end, the CyberPenguin case study mentions the discovery of “some small accounting inaccuracies”. To be exact, users were occasionally being double-charged for sessions.
If you’ve done much software development, that statement alone should be enough to have you thinking “concurrency issue” or, more specifically, “race condition”. Given that the application involved both [...]