Google Chrome benchmarks

Posted in: google,javascript | September 3, 2008 |   ( 1 ) Comment

Google Chrome Beta for Windows is finally here. There are many factors that make this browser interesting; being open source and using the WebKit rendering engine are among them. But one of the great things is the speed of the JavaScript engine. Chrome uses Google’s open source V8 JavaScript engine, and it is amazingly fast. I ran the SunSpider 0.9 benchmark and here are the results:

Simple design usually underlies a successful security mechanism on a web site. Make it more complex than required and the user suffers a barrage of logins and redirections; make it too simple and you risk your site being compromised.
The following six principles draw on the ideas of simplicity and restriction. In the list below, the word ‘subject’ can mean a program or a user, and the word ‘object’ a program, a file or a URL.

1. Principle of least privilege:
A subject should be given only those privileges it needs in order to complete its task. The principle of least privilege states that only the minimum access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary.

2. Fail-safe defaults:
Unless a subject is given explicit access to an object, it should be denied access to that object. Design your sites so that when something fails, it fails in a secure manner. For example, when an ATM fails it should shut down, not spew money out of its slot.

For example, take the following PHP code:

$access = IsAccessAllowed($user);
if ($access == ERROR_ACCESS_DENIED)
{
    // Security check failed.
    // Inform user that access is denied.
}
else
{
    // Security check OK.
}

The code looks fine, but what if the IsAccessAllowed function fails? The default execution path in the code above is to grant access to the user. A better version is shown below. Here the default access is set to DENIED; only after IsAccessAllowed has executed successfully and returned NO_ERROR is the user allowed access. If for any reason the IsAccessAllowed function fails, the default action is to deny access.

$access = ERROR_ACCESS_DENIED;   // default is to deny
$access = IsAccessAllowed($user);
if ($access == NO_ERROR)
{
    // Security check OK.
    // Perform task.
}
else
{
    // Security check failed.
    // Inform user that access is denied.
}
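To make the difference between the two snippets concrete, here is an added, runnable example (not code from the original post). It drives both decision patterns with a constructed IsAccessAllowed routine whose outcome depends on the user name, so that the success, explicit-denial, unexpected-error-code and exception paths can all be exercised. The constant names follow the post; ERROR_BACKEND_DOWN, the user names and the decide* helpers are assumptions made for the demonstration.

```php
<?php
// Added example: fail-safe defaults. Constants NO_ERROR and ERROR_ACCESS_DENIED
// follow the post; ERROR_BACKEND_DOWN is a hypothetical extra error code.
const NO_ERROR            = 0;
const ERROR_ACCESS_DENIED = 5;
const ERROR_BACKEND_DOWN  = 99;   // hypothetical: policy store unreachable

// Hypothetical access check. Real code would consult a policy store; here the
// behaviour is keyed on the user name so that every outcome can be exercised.
function IsAccessAllowed(string $user): int
{
    switch ($user) {
        case 'alice': return NO_ERROR;              // explicitly allowed
        case 'bob':   return ERROR_ACCESS_DENIED;   // explicitly denied
        case 'carol': return ERROR_BACKEND_DOWN;    // unexpected error code
        default:      throw new RuntimeException("lookup failed for $user");
    }
}

// Pattern of the post's first snippet: only an explicit denial blocks access,
// so any other result (an unknown error code, for instance) falls through to
// the "allowed" branch, and an exception escapes to the caller.
function decideInsecure(string $user): bool
{
    $access = IsAccessAllowed($user);
    if ($access == ERROR_ACCESS_DENIED) {
        return false;
    }
    return true;   // the default path grants access
}

// Fail-safe version: start from DENIED, grant only on an explicit NO_ERROR,
// and treat an exception from the check as a failed check, never as a grant.
function decideFailSafe(string $user): bool
{
    $access = ERROR_ACCESS_DENIED;
    try {
        $access = IsAccessAllowed($user);
    } catch (Throwable $e) {
        // Log $e here; $access keeps its default of ERROR_ACCESS_DENIED.
    }
    return $access === NO_ERROR;
}

// Run every path through both decision functions.
foreach (['alice', 'bob', 'carol', 'dave'] as $user) {
    try {
        $insecure = decideInsecure($user) ? 'GRANTED' : 'denied';
    } catch (Throwable $e) {
        $insecure = 'exception: ' . $e->getMessage();
    }
    $failSafe = decideFailSafe($user) ? 'GRANTED' : 'denied';
    printf("%-6s insecure=%-32s fail-safe=%s\n", $user, $insecure, $failSafe);
}
```

Running it shows the point of the post: both functions agree for alice (allowed) and bob (denied), but for carol, whose check returns an error code the first snippet never anticipated, decideInsecure grants access while decideFailSafe denies it, and for dave, whose check throws, decideInsecure leaves the decision to whatever catches the exception while decideFailSafe simply denies.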

3. Economy of mechanism:
Security mechanisms should be as simple as possible. Security is like a chain; the weakest link breaks it. Simplicity means fewer links and fewer points of vulnerability.

4. Complete mediation:
All accesses to objects must be checked to ensure that they are allowed. Every access to every object must be checked for authority.

5. Open design:
Security of a mechanism should not depend on the secrecy of its design or implementation.

6. Psychological acceptability:
Security mechanisms should not make the resource more difficult to access than if the mechanisms were not present. The security mechanism should be designed with the user in mind. For example, if a user on your website has to set a dozen permissions on his profile page or payment preferences, he will surely give it a miss, thus opening a security hole that attackers can exploit.

The details of a security mechanism’s implementation vary between web languages such as PHP and .NET, but keeping the above principles in mind can go a long way towards securing your website.

For more detailed and excellent information you can visit here.

Internet Explorer 8 WebSlices

Posted in: microsoft | August 13, 2008 |  Comments Off

WebSlices, what?
Internet Explorer 8 has introduced a new feature, WebSlices. In a nutshell, WebSlices enable websites to connect with users by allowing them subscribe to content directly within a webpage. WebSlices behave just like RSS feeds, but instead of subscribing to XML feeds you subscribe to portions of a particular website and receive updates when the content changes. The slices corresponding to a particular website are polled at user-defined intervals to keep the content fresh.

With the help of WebSlices you can keep your users connected to your site. Any content on your site that changes regularly can be tagged as a WebSlice, for example products, horoscopes, weather, stocks, news or photos.


The Code Book

Posted in: books | August 13, 2008 |  Comments Off

Just finished reading ‘The Code Book’ by Simon Singh. I’d been waiting to read this book for a long time now, but I had been delaying it for reasons beyond me.

The book goes into excruciating detail explaining various cryptographic systems, from the Vigenère cipher to quantum cryptography, without being prosaic. The story of the German Enigma and its cracking by the ‘Ultras’ at Bletchley Park is wonderfully described. What sets this book apart from many other popular books on cryptography is the intermingling of stories and technical details in harmonious proportion.

The book begins with the decipherment of the cipher of Mary, Queen of Scots and concludes with a fine discussion of PGP and quantum cryptography, on the way covering such important and interesting topics as the Enigma machine, Linear B and other ancient writings, public key cryptography and much more. What I found particularly interesting and new was the use of the Navajo people as code-talkers during World War II.

Converting MySQL queries to XML

Posted in: mysql,php | August 5, 2008 |   ( 5 ) Comments

There frequently arises a need to return MySQL query results as XML. Maybe you need to send the XML data to the browser, or you want to use it as an XML request to a web service; whatever the application, the following function will return the result of a SQL query in XML format.

The function accepts three parameters. The first is the MySQL query result resource, the second is the name of the root element and the third is the name of the first child of the root. All the fields from the MySQL table become sub-elements of this child.

The function is shown below:
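The following is an added example of a function with the interface the post describes (query result, root element name, row element name); it is not the author’s function, and the DOMDocument-based implementation, the helper names and the sample rows are assumptions of this example. Two details matter for security: column names become element names, so they are validated against the XML name rules before use, and cell values are inserted as text nodes so that `&` or `<` in the data cannot break out of the document (the second argument of createElement does not escape, which is why it is not used here).

```php
<?php
// Added example (not the post's function): MySQL rows to an XML document.

// Column names become element names, so they must be valid XML names.
// A SELECT alias such as `total price` or `1st` is legal SQL but not XML,
// and names beginning with "xml" are reserved by the specification.
function assertXmlName(string $name): void
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_.-]*$/', $name) || stripos($name, 'xml') === 0) {
        throw new InvalidArgumentException("'$name' is not a safe XML element name");
    }
}

// Convert associative rows (the shape mysqli_result::fetch_assoc returns)
// into XML. Values go in as text nodes, which DOMDocument escapes, so data
// containing markup cannot alter the structure of the output.
function rowsToXml(array $rows, string $rootName, string $rowName): string
{
    assertXmlName($rootName);
    assertXmlName($rowName);

    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;
    $root = $doc->appendChild($doc->createElement($rootName));

    foreach ($rows as $row) {
        $rowEl = $root->appendChild($doc->createElement($rowName));
        foreach ($row as $column => $value) {
            assertXmlName((string) $column);
            $cell = $doc->createElement((string) $column);
            if ($value === null) {
                $cell->setAttribute('nil', 'true');   // keep SQL NULL distinct from ''
            } else {
                $cell->appendChild($doc->createTextNode((string) $value));
            }
            $rowEl->appendChild($cell);
        }
    }
    return $doc->saveXML();
}

// Wrapper with the parameter order the post describes: pass the mysqli result.
function resultToXml(mysqli_result $result, string $rootName, string $rowName): string
{
    return rowsToXml($result->fetch_all(MYSQLI_ASSOC), $rootName, $rowName);
}

// Constructed sample rows standing in for a query result, so this runs offline.
// The first row deliberately contains characters that are special in XML.
$sample = [
    ['id' => 1, 'name' => 'Widget <small>', 'note' => 'Fish & Chips', 'price' => '9.99'],
    ['id' => 2, 'name' => 'Gadget',         'note' => null,           'price' => '19.50'],
];

echo rowsToXml($sample, 'products', 'product');
```

In the output the first product’s name appears as `Widget &lt;small&gt;` and its note as `Fish &amp; Chips`, while the NULL note of the second product becomes an empty `<note nil="true"/>` element rather than being silently turned into an empty string.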

In MySQL it is easy to sort rows by using the ORDER BY clause on a column name. Recently, on a client request, the sort had to be done using the column values rather than the name. Since I had never come across sorting by values, a couple of minutes of searching were in order: you can do the ordering with the ‘FIELD’ function, as in the example below.