Recent Activity
It's not just the devs that serve at the king's pleasure - by imposing these restrictions, Apple also says that the users use their device at their (Apple's) pleasure. Thou shalt not run any software (excepting web apps) that has not been approved by thy benefactor Apple. To me, that is at least as horrifying.
Commented Oct 15, 2011 on Serving at the Pleasure of the King at Coding Horror
Several people have proposed combining an IP check with the cookie check. That doesn't work, however - many of these open WiFi routers are NATed, so the FireSheep connection will appear to come from the same IP that was issued the cookie. In fact, short of HTTPS or other similar encryption protocols, there is no solution. The required solution must be immune to forgery or to replay attacks; a given set of credentials must be unusable by anyone other than the sender, and replaying a set of stolen credentials must not work. Given the stateless nature of HTTP, this is incredibly difficult to enforce, as the protocol doesn't provide a means to negotiate the necessary changes in magic numbers. A solution could be approached using cryptographic signatures over some data including a timestamp and a nonce, but the current browsing technology doesn't make that a viable solution unless everything is done in JavaScript (thereby further breaking the Web).
Commented Nov 14, 2010 on Breaking the Web's Cookie Jar at Coding Horror
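The signed-request idea sketched in the comment above, as an added example that is not part of the comment or of the Coding Horror post: each request carries a timestamp and a one-time nonce under an HMAC, so a sniffed copy is rejected as a replay regardless of the source IP (which NAT makes useless anyway), a modified request fails the signature check, and a valid signature expires once the timestamp is older than the allowed skew. The shared key, the sign_request format and the Verifier class are constructed for this illustration, not a real protocol.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo secret shared by the client-side code and the server;
# in the cookie-hijacking scenario this value never travels in the clear.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_SKEW = 60  # seconds a request may be old before it is rejected


def sign_request(key: bytes, method: str, path: str, ts: int, nonce: str) -> str:
    """HMAC-SHA256 over the request line, timestamp and nonce (hypothetical scheme)."""
    msg = f"{method}\n{path}\n{ts}\n{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Server side: checks freshness, one-time use of the nonce, then the signature."""

    def __init__(self, key: bytes, now=time.time):
        self.key = key
        self.now = now
        self.seen = {}  # nonce -> timestamp; pruned as entries fall outside MAX_SKEW

    def verify(self, method: str, path: str, ts: int, nonce: str, sig: str) -> str:
        now = int(self.now())
        # Expire old nonces so the replay cache stays bounded; anything older than
        # MAX_SKEW would be rejected by the timestamp check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        if nonce in self.seen:
            return "replay"
        expected = sign_request(self.key, method, path, ts, nonce)
        if not hmac.compare_digest(expected, sig):
            return "bad-signature"
        self.seen[nonce] = ts
        return "ok"


def demo():
    """Walk through the four outcomes with a fake clock so the result is deterministic."""
    clock = [1_000_000]
    v = Verifier(SHARED_KEY, now=lambda: clock[0])
    ts, nonce = clock[0], secrets.token_hex(8)
    sig = sign_request(SHARED_KEY, "GET", "/inbox", ts, nonce)
    first = v.verify("GET", "/inbox", ts, nonce, sig)
    replay = v.verify("GET", "/inbox", ts, nonce, sig)  # sniffed request re-sent verbatim
    tamper = v.verify("GET", "/admin", ts, secrets.token_hex(8), sig)  # old sig, new path
    sig2 = sign_request(SHARED_KEY, "GET", "/inbox", ts, secrets.token_hex(8))
    clock[0] += MAX_SKEW + 1  # validly signed, but presented too late
    stale = v.verify("GET", "/inbox", ts, sig2[:16], sig2)
    return first, replay, tamper, stale
```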