Scriptplayground Network

Archive for January, 2008

by mkeefe on Jan 17th, 2008

CommandProxy : .NET / AIR Integration

Mike Chambers has posted information about a project that allows you to use AIR and other applications on your OS. You may remember the Artemis project from Effective UI, but recently (a few months ago now) that project was abandoned. It seems this new project, CommandProxy, is a start in the right direction, and it will be interesting to follow it.

You can find more information on Mike’s blog.

Note: This project is not supported by Adobe in any way; this is simply developers coming up with a solution.

by mkeefe on Jan 16th, 2008

What the Flock is up

… with the browsers on OS X? I am at a loss for words, but no matter which browser I use on the Mac I run into some sort of problem.

Uploading and caching bugs in Safari, excessive crashing in Firefox and untold memory usage in Flock.

I now have to run three browsers to check my mail, blog post and forum surf. Luckily my passwords are moving with each browser, but this is getting a little out of hand here.

Does anyone have a way to get at least one stable browser for the Mac? Don’t make me admit that IE7 in Parallels is gaining popularity with me.

by mkeefe on Jan 15th, 2008

PHP - Securing data from Flash

The topic of security in PHP is a long-standing one in the developer community. Oftentimes you will find security is simply overlooked. The most recent example (that I found) is the interactive puzzle game on the Untraceable movie web site. Once you complete the game, your time and name are entered into the database to be displayed on the high score screen.

Here is an example of that easy-to-modify URL (full path removed):

http://…/score.php?score=02%3A41&name=JAMES%20B%2E

As you can see, the time and username are clearly visible in the URL; in this example the time is 2 minutes & 41 seconds.

Now that you can see the issue, let's look at how to stop this basic modification ability. This example will use ActionScript 3 and the MD5 library provided by Adobe’s AS3CoreLib.

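```actionscript
import com.adobe.crypto.MD5;
import flash.events.Event;
import flash.net.URLLoader;
import flash.net.URLRequest;

// Shared secret; must match $salt in score.php
var salt:String = "439df098";

function sendScore(name:String, score:String):void
{
  // Hash the salt together with the score so the server can detect edits
  var scoreHash:String = MD5.hash(salt + score);

  // URL-encode the values and separate every parameter with "&"
  var query:String = "?n=" + encodeURIComponent(name) +
    "&s=" + encodeURIComponent(score) +
    "&hash=" + scoreHash;

  var req:URLRequest = new URLRequest("score.php" + query);
  var urlLoader:URLLoader = new URLLoader();
  urlLoader.addEventListener(Event.COMPLETE, scoreSent);
  urlLoader.load(req);
}

// Called once score.php has responded
function scoreSent(e:Event):void
{
  trace("Score submitted");
}

sendScore("James", "2:41");
```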

Once the ActionScript is developed, the next step is to work out the PHP.

The PHP will take the same salt (which would be private) and test the hash to determine if the entry is valid.

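```php
<?php

// connection to database goes here

// Shared secret; must match the salt compiled into the SWF
$salt = "439df098";

// Missing parameters become null and fail the check below
$name  = $_GET['n'] ?? null;
$score = $_GET['s'] ?? null;
$hash  = $_GET['hash'] ?? null;

// "." concatenates strings in PHP; "+" would add them as numbers.
// hash_equals() compares strictly and in constant time.
if (is_string($score) && is_string($hash)
    && hash_equals(md5($salt . $score), $hash))
{
  // Valid score submission.
  // enter score in database at this point.
}
else
{
  // error, log IP address for security purposes
}

?>
```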

As you can see, this code is not very advanced, but it easily protects your score submission, or any type of form submission, from fraudulent entries.
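An added example (not the original post's code) that takes the check one step further: the tag covers both the name and the score, uses HMAC-SHA256 rather than a bare MD5 of salt plus score, and is compared with `hash_equals()`. The function names `signScore` and `verifyScore` are hypothetical and the sample requests are constructed; because the key still has to ship inside the SWF, this guards against URL editing only, not against someone who has recovered the key from the client.

```php
<?php
// Added example: names, key and sample requests are constructed for illustration.
const SCORE_KEY = '439df098'; // the post's salt, reused here as the HMAC key

// Tag over BOTH fields, so neither the name nor the score can be edited alone.
function signScore(string $name, string $score): string
{
    return hash_hmac('sha256', $name . "\n" . $score, SCORE_KEY);
}

// Takes the query parameters (e.g. $_GET); returns true only for an intact entry.
function verifyScore(array $query): bool
{
    foreach (['n', 's', 'hash'] as $field) {
        // Rejects missing fields and array-valued parameters such as hash[]=x
        if (!isset($query[$field]) || !is_string($query[$field])) {
            return false;
        }
    }
    // Accept only m:ss or mm:ss, the time format used in the post
    if (!preg_match('/^\d{1,2}:[0-5]\d\z/', $query['s'])) {
        return false;
    }
    // hash_equals() compares in constant time and never type-juggles
    return hash_equals(signScore($query['n'], $query['s']), $query['hash']);
}

$good = ['n' => 'James', 's' => '2:41', 'hash' => signScore('James', '2:41')];
$cases = [
    'untouched request'  => $good,
    'edited score'       => ['s' => '0:01'] + $good,
    'edited name'        => ['n' => 'Someone else'] + $good,
    'hash sent as array' => ['hash' => ['x']] + $good,
    'missing hash'       => ['n' => 'James', 's' => '2:41'],
];

// Print one verdict per constructed request
foreach ($cases as $label => $query) {
    echo str_pad($label, 20), verifyScore($query) ? 'accepted' : 'rejected', PHP_EOL;
}
```

The Flash client would have to compute the same HMAC over `name + "\n" + score` for its submissions to verify.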

by mkeefe on Jan 15th, 2008

MacHeist II

MacHeist has been all the rage these past few weeks and I finally got a moment to write about it. Basically this site is the ultimate OS X software bundle valued at over $360.00 which is being sold for the low price of $49. When you purchase a bundle you get to determine which charities receive the donation and you can even split across all 10 of them.

 

Overall the concept has gained a lot of publicity, and for good reason. Some do think the concept is bad since they are making so much money from it and basing it on indie software, but I for one think it is a cool concept and have already bought my bundle of cool software.

by mkeefe on Jan 11th, 2008

1Password - Password Management for OS X

I have always been looking for ways to manage all my passwords, across multiple browsers and even systems. Originally I started writing them down (worst idea) and then started using only a few passwords, but that was just as bad. After that I began to use the Keychain that ships with every Mac, but this became a problem when I purchased a new MacBook Pro because I had to transfer all of the keychain data to that new machine.

Another problem with relying on the keychain is it only really works for some applications because not all browsers and programs support it.

Well, the issue is now in the past because I have been using 1Password which allows me to share my login information across browsers and manage it all within one powerful application.


Getting Started
You start off by setting a master password so you don’t have to be bothered with many passwords. This feature alone is enough for me, but it goes beyond that. 1Password allows me to choose random, strong passwords any time I register for a site. Whenever a new form is encountered 1Password asks me to save that password for future use, or you can enable 1Password to automatically store new forms.


Phishing Prevention
Another great feature of 1Password is phishing prevention. Let’s say you visit a site and attempt to retrieve the login information but it’s not there. You would now be concerned and confused, but at the same time you know the site isn’t the correct one. This means your identity isn’t stolen and your login information is stored safely from prying eyes.


Password Management Made Easy
Managing your passwords from the easy-to-use application is seamless and quick, and of course you can lock down this application, requiring your admin password in order to modify the settings.

Sync with .Mac
1Password has the ability to sync with your .Mac account, which means you can have all of your logins synced across your computers. This was especially important for me because I need to have access to my clients’ systems no matter which machine I am on, and now I have this.

Leopard Support
As a bonus, it works on Leopard too!

Overall I found this application to do exactly what it was advertised to do, and that is a great thing.

You can download a demo here and a full license will set you back about $29.95, which can be purchased at AgileOnline. (discount code added to bring price down a bit)