Archive for the ‘Programming’ Category

 

Shane on Apr 17th, 2006
Passwords Should Always be Encrypted

I signed up with changenotes.com recently and, like most web applications, you have to confirm your account. When I read the confirmation e-mail I noticed the URL had my password in plain text in the URL as “pass=MY_PASSWORD”!!
Web developers, you should always encrypt passwords! Passwords should be one-way hashed with a randomly generated salt. […]

Shane on Mar 28th, 2006
Keeping track of user-made changes

In my web application I have been building for over a year, registered users can edit content. This is structured content that is stored in different fields and database tables. Every change that a user makes needs to be approved by a moderator/admin user. There are a couple of ways you can do this, and […]

Shane on Mar 8th, 2006
How to persist Rails sessions via cookies using the Login Engine plugin

I absolutely can't stand having to log in to web applications on every visit. If I manage to remember what login I used, I'm not going to remember the password. It's just one more unnecessary step that I don't want to take.
If you're building a Ruby on Rails application that requires authentication, you're probably [...]