security

How to implement user authentication in a Play Framework application

Table of Contents
1 - Resources
2 - A custom user authentication action
3 - Use that action in your controller methods
4 - A sample form
5 - Setting the user login cookie
6 - Discussion

This past week I started working with the Play Framework (version 2.6), and this is a quick look at how to implement user authentication in a Play application. Specifically, this blog post focuses on how to create a custom action so you can secure your Play controller methods, where you’ll implement those methods using this new, custom action.

Making wrong code look wrong (Joel on Software)

A long time ago — 2005, to be exact — I read this article named Making wrong code look wrong, and it was a big influence on me. These days I don’t know how many people use variable naming conventions, but when working on web applications I still like the “us” (unsafe) and “s” (safe) convention for handling user input. As Joel Spolsky discusses in that article, that convention has a good way of making wrong software code look wrong.

Comments are disabled

Due to a potential security issue I’ve disabled new comments on this website. Hopefully they’ll be re-enabled next week.

Amazon security flaw?

I was surprised to find out yesterday that you can change your Amazon email address without having to verify the change from your old email account. You only have to verify the new email address. That seems like a flaw.

Mac exodus?

I haven’t been blown away by MacOS (née OS X) in quite some time, and the latest MacBook design seems to have annoyed even more developers. A good thing about this is that it got me looking into Qubes OS, “a reasonably secure operating system.”

Apple’s philosophy of “we design the hardware and software” works well when people like your work, but when people don’t like your design it’s easy to lose customers.

Apple has an iOS/macOS “Stagefright” security flaw

alvin July 21, 2016 - 6:12pm

According to Forbes and other sources, Apple now has its own version of a “Stagefright” security flaw, and it affects all but the most recent versions of iOS and Mac OS X. Theoretically all it requires is that a hacker sends your phone one text.

Apple’s minimalist security announcements are here: iOS 9.3.3 update, OS X update.