A Simple Approach to Site Security

There are two kinds of security that Web sites, applications, and operating systems can provide: perceived security and actual security. Perceived security is still important, because that’s what convinces users that it’s safe to, for example, provide their personal information to your Web site. But actual security is the key. Think of it as the difference between having a sign in front of your house saying it’s protected by a security system and actually having a security system. But if you’re anything like me, you’ve never tried to hack someone’s Web site and aren’t generally inclined to think like a person who would, so how do you make your sites secure? Here’s what I do…

Posted in PHP, Web Development.



The Second Rule of User Interface

Some months ago, I wrote a post titled The First Rule of User Interface. The rule is simple: A proper user interface sets the user up to succeed. By this I mean that if the site requires certain information, or information in a specific format, that should be clearly indicated in the user interface. A site, or any application, should make it clear up front what is expected, as opposed to indicating what the user should have done only upon a failure to do so. Tightly coupled with this is my “Second Rule of User Interface”: Don’t fight the user’s habits. If the first rule could be paraphrased as “Tell the user what you expect”, then the second rule could be stated as “Don’t deny what the user expects.”

This rule comes into play in many ways, from where navigation elements should be located, to how buttons and links behave. It also means that you shouldn’t “break the browser” by attempting to disable JavaScript features (such as Control+Clicking or Right+Clicking on an element), preventing use of the back button, and so forth. This last issue—wanting the user not to use the back button—is a big mistake. (And keep in mind that most attempts to circumvent common browser behavior can be easily circumvented by disabling JavaScript.)

Fortunately, you can have your proverbial cake and eat it, too. This is to say, there are ways to accomplish your goals without undermining standard user or browser behavior. For example, if it might be a problem if the user clicks the back button, write the site’s code to address that possibility (sessions can be used towards that end). As another example, if you don’t want the user to copy images, well, that’s a tougher one. You can use JavaScript to prevent that, but JavaScript can be disabled. You can embed the image in Flash so that it’s not directly copy-able, but the user could still take a screenshot. The fix is simple: add a watermark to the images, when necessary. With any possible example, the main idea is this: when something a user, or the browser, might commonly do could be a problem for your site, program the site to handle that possibility. Whatever you do, don’t try to prevent the user from doing something they’re accustomed to doing on every other site they visit. If you take that approach, all you’ll succeed in is driving away your visitors.

Posted in Web Development.



Time Flies: Flex Book Update

For those of you that read this blog regularly (-ish), my apologies for the lack of posts last week. I’m continuing to work my way through my new book, “Effortless Flex 4 Development,” and it’s taking up all of my time. But I’m over two-thirds of the way through the book now, having just completed the second section. That’s the heart of the book, focusing on data and communications. The last third of the book will be written over the next couple of weeks. It covers “finishing touches” types of concepts, such as styling applications, effects, using popup windows, and so forth. These will be shorter chapters and involve information that you wouldn’t necessarily use on every project.

I believe the book will be published in July. The list price is about $45 (US), but you can normally get books for much cheaper than that. Amazon currently has it at $33.44. You can also read the book as I’m writing it via Safari Books Online.

Posted in Flex.



C++ Development Tools

When I wrote my C++ Programming: Visual QuickStart Guide book back in 2005 (with co-author Andreas Signer), I had to decide what software to recommend for C++ beginners. As with most languages, full-time experienced programmers may like serious, complete tools, or commercial products, but I often find that software on that level can provide too much of a learning curve for someone simultaneously trying to learn a programming language. What I like to recommend in my books is software that’s approachable, reliable, and, preferably, free. So, for the C++ book, I recommend Bloodshed’s Dev-C++ for Windows.

At that time, Dev-C++ was more or less a standard for beginners (and it was free). I used either version 4 or the beta of version 5 for the book and for years readers seemed to be fine with Dev-C++. Now it seems that either Dev-C++ is no more or just not a good enough option. The Dev-C++ Web site is down, although I don’t know yet if the site is down for good. You can still download Dev-C++ from Sourceforge, but it’s the five-year-old version.

In searching for good alternatives to Dev-C++ (I don’t use Windows regularly, so couldn’t make a recommendation on that myself), I came across a post about why you shouldn’t use Dev-C++. That writer recommended Programmer’s Notepad, Code::Blocks (which also runs on Mac OS X and Linux), and the free edition of Microsoft’s Visual Studio. I haven’t used any of these, so I can’t personally recommend them, although I have used the full version of Microsoft’s Visual Studio (years ago for C# programming in ASP.NET), and can attest to how good it is as an IDE. In the comments to that post, some readers still say that Dev-C++ is so much easier to learn with than the others, so I wouldn’t rule that out entirely.

Posted in C and C++.



BumpTop, a Snazzy Desktop Application

I recently StumbledUpon BumpTop, a commercial product that greatly changes (dare I say “revolutionizes”?) how you use your computer’s desktop. It runs on both Windows and Mac OS X and is quite reasonably priced. The best way to get a sense of BumpTop is to watch the videos available at their site. It’s just cool.

Posted in Mac OS X.
