Just two quick updates today:
1. A Correction To Last Tuesday’s Post
In Off the Record: Passwords, I recommended the use of SHA1 rather than MD5 hashes when storing passwords. Since then, I have encountered a persuasive argument in favor of abandoning both of them and using bcrypt instead, as it’s designed to be less [...]
In 1999, I accepted a programming job with a company selling voicemail service. When it came time for the boss to demo the company’s product for me in full, he wanted to show me some feature that needed my PIN to be entered. Rather than having me enter it, he turned to his [...]
February 25, 2009 – 16:00
In Validation Vexation, I wrote a bit about ways that validation rules for user-entered data can go awry by being too narrowly defined. This post adds three more principles for dealing with data validation, focused primarily on the results of the validation rather than the rules used to do it. The examples [...]
February 16, 2009 – 16:21
Near its end, the CyberPenguin case study mentions the discovery of “some small accounting inaccuracies”. To be exact, users were occasionally being double-charged for sessions.
If you’ve done much software development, that statement alone should be enough to have you thinking “concurrency issue” or, more specifically, “race condition”. Given that the application involved both [...]