Chapter 1: When you’re satisfied with how your test functions to a web application such as Flickr are working and you then move to encapsulate the code into a reusable form, make sure you follow Simple Rule #1: rather than spending a considerable amount of time hacking, tearing apart, and picking to pieces the code […]
Category: Technology
Categories
Rewriting metadata layer
I’ve decided that the current implementation of the metadata layer is unworkable. Too vulnerable, and becoming too cumbersome for developers to work with. Additionally, since it has a significant overhead, and not everyone is interested in it, I’m pulling it out as an integrated component and adding it as a drop-in infrastructure that takes advantage […]
Categories
The open source dance
While I struggle with my own security demons, Thomas Waldegger emailed to let me know that the BugTraq security alert for WordPress has gone live. I am still getting requests for a patch file for this issue, and would rather that the WordPress team respond to these since the notice has gone public. This alert does […]
Categories
Securing the form
Wordform’s metadata extensions require form elements with a minimum of a button to push — usually with fields to fill in. These form elements are incorporated into the general gen_metadata.php page, depending on which extension is currently being invoked. The gen_metadata.php (see source) file accesses the extension directory and outputs a list of available extensions — […]
Categories
CVS Check-in
In order to help faciliate code walk throughs for those who are willing to help examine the Wordform source code for security and other problems, I’ll be looking at checking this code into SourceForge CVS in the next couple of days. I’ll probably also re-release the source code then–without the metadata extensions, until these are […]