Homebrewing and Vermont Beer

Google AdSense

My Vermont Brewery tours were delayed a bit due to spending most of our weekends doing home improvement projects and yard work. Also, during the last few months I did get a chance to launch http://www.vtbeer.org and develop a WordPress plug-in using RateBeer API. Finally, I got the chance to make another small batch (1 gallon) of beer. Continue reading

How to convert a street address to longitude and latitude (geocoding) via web services (Google)

Google AdSense

Several years ago, I wrote a blog entry detailing how to use geocoder.us (and Yahoo!) web services to geocode an address. Since then both web services have changed a little and I found myself needing to update my code to support non-US locations. Below is sample code showing how to use Google’s Geocoding web service to get longitude and latitude values for addresses.
Continue reading

How to remove passwords from protected Microsoft Word documents

There’s always been a need to remove passwords from protected Microsoft Word documents when you need to make a change. My most common occurrence is with Human Resource (HR) forms. HR staff will create the MS Word document, password protect it, and then upload it to our company intranet. However, when I need to fill the form out, the only way to do so is to print the form, sign my name, scan the signed & printed form, and them email it back to them. What I would like to do, is to just paste a scan of my signature onto the form, save as a PDF, and them email them the PDF saving printing and scanning time and paper (which would then need to be shredded).

Here’s a trick that I learned a long time ago.
Continue reading

Securing ASP.NET Web Sites: Cookie Vulnerabilities

This is the first of my series on securing ASP.NET web sites. As I work through various vulnerabilities, I’ll document instructions for fellow web developers in hopes that we can help build more secure web applications. The Cookie Vulnerability falls under the common vulnerability name of “Broken Authentication and Session Management.”

What is “Broken Authentication and Session Management”?

This cookie vulnerability is OWASP 2010 A3. You can read more at Top 10 2010-A3-Broken Authentication and Session Management. This threat applies to application functions related to authentication and session management not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.
Continue reading