Category Archive for 'Security'

Rails, Django, and Just-Barely-Enough CSRF Protection

Saturday, April 10th, 2010

This week I found what I thought was a bug in Rails 2.3: it does not check the anti-CSRF authenticity token for AJAX requests. From years of experience with Rails, I knew this was not the behavior I had come to expect, so I dug around and learned that this behavior was […]

Chisec 16 and C

Monday, March 3rd, 2008

Thursday, February 28 was a long day for me, but in a good way. It started almost like any normal morning, except I had to wake up 20 minutes early to handle the morning care and feeding of my animals. That task is one my wife usually performs, but she had to run out extra […]

Security Missing in Oracle Best Practices

Tuesday, February 12th, 2008

Recently Oracle released a 272-page document outlining some recommended best practices when implementing SOA with its suite: http://download.oracle.com/technology/tech/soa/soa_best_practices_1013x_drop3.pdf I was going to review it for its security best practices and WS-Security recommendations… but there are not any. Take that to mean what you will.

WS-Security versus SOA over SSL

Thursday, October 25th, 2007

I have had some thoughts recently about the security of SOA (Service Oriented Architecture). When using SOA, the services are often made available using SOAP (Simple Object Access Protocol) messages communicated using HTTP. Naturally, it is important to keep data secure as it is transmitted from requester to servicer and vice versa. Should one use […]

Internal Machine Security

Saturday, October 6th, 2007

Sorry for the delay in posts here, but I have been sick the past week, and getting back into my regular routine has been challenging since. Also, rather than just post random musings of the day like many other blogs, I try to provide useful original content based on my experience. However, today I will […]