This week I found what I thought was a bug in Rails 2.3: it does not check the anti-CSRF authenticity token for AJAX requests. Due to years of experience with Rails I knew that this was not the previous behavior I have come to expect, so I dug around and learned that this behavior was […]
Category Archive for 'Security'
Thursday, February 28 was a long day for me, but in a good way. It started almost like any normal morning, except I had to wake up 20 minutes early to handle the morning care and feeding of my animals. That task is one my wife usually performs, but she had to run out extra […]
Recently Oracle released a 272-page document outlining some recommended best practices when implementing SOA with its suite: http://download.oracle.com/technology/tech/soa/soa_best_practices_1013x_drop3.pdf I was going to review it for its security best practices and WS-Security recommendations… but there are not any. Take that to mean what you will.
I have had some thoughts recently about the security of SOA (Service Oriented Architecture). When using SOA, the services are often made available using SOAP (Simple Object Access Protocol) messages communicated using HTTP. Naturally, it is important to keep data secure as it is transmitted from requester to servicer and vice versa. Should one use […]
Sorry for the delay in posts here, but I have been sick the past week, and getting back into my regular routine has been challenging since. Also, rather than just post random musings of the day like many other blogs, I try to provide useful original content based on my experience. However, today I will […]