Securing your data and password online


Quite often I get into conversations with people about the security of their personal data when they put it online. This often stems from the fact that I do not use my real name in my facebook account. ‘Why?’ they ask and the conversation starts. The answer for me is obvious but many people are oblivious to the dangers of throwing their data around the internet.

Have you ever Googled your own name?

Try it and see what comes up. I search names all the time. Web spiders crawl the internet consistently and the data they can extract is incredible. Some people may not mind Google knowing everything about them, but personally is rubs me the wrong way as I have never given them permission to collect my data.

Read the rest of this page »

Should you use OpenID or other website’s services (facebook, twitter) for website login?

Recently I was developing a website where the owner was interested in use OpenID for their user to login with. Now there are many positive reasons to use an OpenID login, but before jumping into development I conducted research into the pros and cons of such a login method. In the end we decided not to use OpenID for it appeared to be a nightmare.

In short. I personally would ‘almost’ never opt to using OpenID or other similar login services from other website as a login system for my site.

‘Almost never’? I hear you say. We’ll it does have some advantages but in short I would not use it. Unless there was a significant advantage to use it. Such as accessing a users facebook friend list.

Read the rest of this page »

Dynamic vs static imaging. Which to use, the pros and cons.


All website have images (well all the good ones). In fact most websites have many images. If you build a website where the public can upload images then you start getting hundreds and thousands and millions of images. At this point the use of the images and how they are managed becomes an area where significant thought and planning must be incorporate into the image management.

Generally there are 2 main options for images, both of which are going to be explained here. Dynamic and static images. This article assumes knowledge of HTML and server side scripting.

Read the rest of this page »

Securing forms and URL data submissions.


Please see my article Vulnerabilities in forms and URL Parameters for more info on the vulnerabilities.

There are a few ways the data transmissions from forms and URL parameters can be made more secure. Some of these practices can be used, or all, for extra security. Below I’ve listed a few important guidelines and other tips that can be used to secure forms.

Golden Rule #1
Never rely on Javascript for error checking or to validate the content submitted. This is a poor mistake to make. Javascript is easily hackable because it is client-side script. This means that the processing of the code is carried out on the clients machine, the server-side script has no control over it. So a user can edit this code and change the way it processes data. This leads onto the next rule!

Read the rest of this page »

Vulnerabilities in forms and URL parameter data


One of the most commonly overlooked areas in web design is the transfer of information via forms and URL parameters. I see it quite often and this can open a website to dangerous vulnerabilities. There are many practices that should be carried out to keep a website secure but this focus purely on the passing of data between pages via form and URL parameters. This article assumes you have some amount of knowledge on HTML and server side scripting.

So what is the problem?

The problem is that the content of forms and parameters can easily be changed. It is one of the easiest ways to hack a website. Anyone can view the code and edit an input value without too much fuss. A URL parameter can be edited right within the URL address bar. Both of these situations can be done by anyone viewing your website without any special software or extensive experience.

Read the rest of this page »

My new blog site!!!


Hi and welcome to my new blog. I’ve decided to create this blog to start sharing my knowledge and ideas as well as storing them for future reference. Providing me with a central storage of information from my findings and research that I can share with others.

I’ve been building websites for around 15 years, and as you can imagine, in that time I have overcome many issues in a variety of situations massing an immense amount of knowledge on the subject. I have been formally trained a university, have tutored and been a teacher in programming and website development. All this among many years of development for various businesses/clients. With the ever advancing nature of technology there are always new challengers and problems to be solved and never a shortage of information to be shared.

So I hope you enjoy the information that will be contained within. Please feel free to comment, like, contact, etc. All that wonderful social and interactive internet magic.