On Monday, my website host’s (DreamHost) database server crashed and they restored the previous week’s data for all of the databases hosted on that server. Eventually, they were able to restore the daily backups to disk, which allowed users to restore that day’s backup. However, when I went to restore the daily backup, it was about 16 hours old.
Within those 16 hours, one forum had hundreds of posts, topics, and forum reorganization; another WordPress blog had two dozen posts; while my personal blog (this site) had no changes. At the time, my backup schedule was:
My Vermont Brewery tours were delayed a bit due to spending most of our weekends doing home improvement projects and yard work. Also, during the last few months I did get a chance to launch http://www.vtbeer.org and develop a WordPress plug-in using the RateBeer API. Finally, I got the chance to make another small batch (1 gallon) of beer.
Several years ago, I wrote a blog entry detailing how to use the geocoder.us (and Yahoo!) web services to geocode an address. Since then, both web services have changed a little, and I found myself needing to update my code to support non-US locations. Below is sample code showing how to use Google’s Geocoding web service to get longitude and latitude values for addresses.
What is “Form Caching Vulnerability”?
The Form Caching Vulnerability allows sensitive form fields to be cached and retrieved by another user on the same client.
CWE-525: Information Exposure Through Browser Caching
This is the first of my series on securing ASP.NET web sites. As I work through various vulnerabilities, I’ll document instructions for fellow web developers in hopes that we can help build more secure web applications. The Cookie Vulnerability falls under the common vulnerability name of “Broken Authentication and Session Management.”
What is “Broken Authentication and Session Management”?
This cookie vulnerability is OWASP 2010 A3. You can read more at Top 10 2010-A3-Broken Authentication and Session Management. This threat applies when application functions related to authentication and session management are not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.