Archive for June, 2012

Supporting Perl Dancer and the “Last Chance” Foundation

Saturday, June 30th, 2012

Last month I set in motion the plan to make regular donations to open source projects and other good causes, and it’s time to do it again.

The choice of project that I’m donating to this month comes rather naturally, as it’s the project that gained most of my attention in the past twelve months, and which had a significant impact on my career — the Perl Dancer framework. Today is exactly one year since I finished porting my website to Dancer, which was my very first experience with the framework, and through the months that followed I have used it in a number of real-life projects, developed a few plugins, and got a great contract job thanks to being experienced with it. Thank you, Dancer, for a great year!

The second donation that I’m making this month goes to “Last Chance”, a foundation that runs an animal shelter near Rawa Mazowiecka, my home town. I’m virtually adopting one of the dogs in the shelter — well, the choice was pretty straightforward when I saw that there was one dog that shared a first name with me! Stay strong, my dog namesake, maybe I’ll visit you one day when I’m in the neighborhood.

Dancer::Plugin::Auth::Basic 0.02

Tuesday, June 26th, 2012

I recently noticed that my Dancer plugin implementing basic HTTP authentication received a miserable 2-star review on CPAN Ratings. The reviewer pointed out that the plugin expects passwords to be written in cleartext in configuration files, which is a really bad security practice.

My first reaction was “oh come on, this is basic HTTP authentication, it’s insecure anyway and nobody would use it for any serious purpose”. But then I thought that it is, in fact, valid criticism. While I can’t do anything about the security of the authentication protocol itself (except maybe for advising people to only use it over SSL), this doesn’t mean that I shouldn’t follow best security practices in those areas that are under my control, and how passwords are stored is one of them.

I modified the plugin to add support for hashed passwords in configuration files — it was really easy thanks to the Authen::Passphrase module, which provides a unified interface to a number of different passphrase schemes. So now you can keep your basic HTTP password secured using SHA-1, salted MD5, Blowfish, or any other scheme supported by Authen::Passphrase. Cleartext passwords still work, so backwards compatibility is maintained.
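To make the above concrete, here is an added example (my own illustrative code, not the plugin's source and not taken from its documentation) showing how Authen::Passphrase produces config-ready hashes in the schemes mentioned above and how a stored value of any of those forms, or a legacy cleartext value, can be checked against a supplied password. The prefix-based dispatch in `recognizer_for` (RFC 2307 `{SCHEME}` strings, `$`-prefixed crypt(3) strings, everything else cleartext), the user names and the passwords are all assumptions made for this example; the plugin's actual configuration keys are not shown here.

```perl
#!/usr/bin/env perl
# Added example: generating and verifying hashed passwords for a
# Dancer::Plugin::Auth::Basic-style configuration with Authen::Passphrase.
# Illustrative code only; it is not the plugin's own implementation.
use strict;
use warnings;
use Authen::Passphrase;
use Authen::Passphrase::Clear;
use Authen::Passphrase::SaltedDigest;
use Authen::Passphrase::MD5Crypt;
use Authen::Passphrase::BlowfishCrypt;

# Produce a string that can be pasted into a config file, for each of the
# schemes named in the post. Each call picks a fresh random salt.
sub hash_for_config {
    my ($scheme, $password) = @_;
    if ($scheme eq 'ssha') {           # salted SHA-1, RFC 2307 form: {SSHA}base64
        return Authen::Passphrase::SaltedDigest->new(
            algorithm => 'SHA-1', salt_random => 20, passphrase => $password,
        )->as_rfc2307;
    }
    if ($scheme eq 'smd5') {           # salted MD5 (md5crypt), crypt(3) form: $1$salt$hash
        return Authen::Passphrase::MD5Crypt->new(
            salt_random => 1, passphrase => $password,
        )->as_crypt;
    }
    if ($scheme eq 'bcrypt') {         # Blowfish crypt, crypt(3) form: $2a$08$salt+hash
        return Authen::Passphrase::BlowfishCrypt->new(
            cost => 8, salt_random => 1, passphrase => $password,
        )->as_crypt;
    }
    die "unknown scheme '$scheme'";
}

# Turn a stored config value into an Authen::Passphrase recognizer object.
# Assumed dispatch rule (not the plugin's code): "{SCHEME}..." is parsed as
# RFC 2307, a leading "$" as crypt(3) format, anything else is treated as a
# legacy cleartext password so old configs keep working.
sub recognizer_for {
    my ($stored) = @_;
    return Authen::Passphrase->from_rfc2307($stored) if $stored =~ /^\{/;
    return Authen::Passphrase->from_crypt($stored)   if $stored =~ /^\$/;
    return Authen::Passphrase::Clear->new($stored);
}

# True if the supplied password matches the stored value, whatever its scheme.
sub password_ok {
    my ($stored, $supplied) = @_;
    return recognizer_for($stored)->match($supplied) ? 1 : 0;
}

# Constructed sample data: one user per scheme plus one legacy cleartext entry.
my %right = (
    alice => 'correct horse',
    bob   => 'battery staple',
    carol => 'hunter2',
    dave  => 'cleartext-legacy',
);
my %users = (
    alice => hash_for_config(ssha   => $right{alice}),
    bob   => hash_for_config(smd5   => $right{bob}),
    carol => hash_for_config(bcrypt => $right{carol}),
    dave  => $right{dave},            # stored as-is, the backwards-compatible case
);

# Show what would go into the config file for each user.
printf "%-6s %s\n", $_, $users{$_} for sort keys %users;

# The correct password must match and a wrong one must be rejected, for
# every scheme including cleartext.
for my $user (sort keys %users) {
    die "$user: correct password rejected\n"
        unless password_ok($users{$user}, $right{$user});
    die "$user: wrong password accepted\n"
        if password_ok($users{$user}, 'not-the-password');
}
print "all checks passed\n";
```

Two practical notes. First, when you paste an RFC 2307 value such as `{SSHA}...` into a YAML config it must be quoted, because an unquoted leading `{` starts a YAML flow mapping; crypt-style `$1$...` and `$2a$...` values are safe unquoted. Second, of the schemes listed, the Blowfish (bcrypt) one is the only one with a tunable work factor; unsalted SHA-1 and MD5 are fast to brute-force, so prefer bcrypt with a cost of 8 or more for anything beyond a throwaway password.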

Hey, I expect at least 4.5 stars now.
