Tag Archives: security

Security Absolutism is the Enemy of Security Improvement

Security is an important topic and everyone knows it.  This post is about a curious social behavior around implementing security procedures that often works against incremental improvement of security.

Posted in Design

Public or Private Member Variables?

When is it OK to make member variables public?

Posted in Coding

SSO: What is it?

Single Sign On (SSO) is a term that is used and abused in the industry.  Most of us think we know what it means — and most of us do, but still many of us have a slightly different and …

Posted in Design

Securing against Cross-site Request Forgery

There is a type of attack (CSRF) that every form post is susceptible to.  User 1 is logged into a site A and has a valid session.  User 2 then sends an email message with a form post to site …

Posted in Design

Working Around Java's SSL Limitations

The Java run-time environment (JVM) is able to support connections to other servers using SSL, but it has this very inconvenient behavior of refusing to connect to self-signed servers.  A self-signed server has the public key necessary to ensure …

Posted in Example Code