Passwords for blog users are encrypted with a DES key; this key is stored in "keyfile". There are two known issues with this process. First, encrypting data with DES is appropriate when the data must later be decryptable, but that is not the case here (password comparison only). Instead, I need to use a hashing algorithm like md5 or the like. This is not necessarily a security issue if keyfile is stored in a secure location, but it is not preferable. Secondly, when the cryptographic key is stored in keyfile, it is not converted to base64, and this has the potential to cause problems (e.g. if the key happens to contain the right combination of bytes, then when the key is treated like a string, unescaped values such as '"' or '\n' will cause an exception to be thrown from blogUser). If this happens, I would suggest replacing the key by running KeyGen again. Both of these issues will be addressed in the next version of blog.
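To make the two issues concrete, here is an added example (not code from the blog project, whose implementation language is not stated here) written in Python. It shows a constructed raw key containing a double quote and a newline byte, the check that would flag it as unsafe to write into a text keyfile, the base64 round trip that makes any key safe to store, and a salted password hash with constant-time verification in place of DES encryption. The hash function used is PBKDF2 with SHA-256, one of the "or the like" options; the function names, the `pbkdf2_sha256$iterations$salt$digest` storage format and the sample key bytes are this example's own choices.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample of the kind of raw 8-byte DES key a key generator may emit.
# It deliberately contains 0x22 ('"'), 0x0A ('\n'), 0x5C ('\\') and 0x00, the
# bytes that break when the key is written to a text file unescaped.
RAW_KEY = bytes([0x22, 0x0A, 0x5C, 0x13, 0x7F, 0x00, 0x4E, 0x91])

# Bytes that cannot be safely embedded in a quoted string or a text line.
_UNSAFE_BYTES = {0x22, 0x27, 0x0A, 0x0D, 0x5C, 0x00}


def key_is_text_safe(raw_key: bytes) -> bool:
    """Return True only if writing raw_key to a text keyfile unescaped is safe."""
    return not any(b in _UNSAFE_BYTES for b in raw_key)


def encode_key_for_storage(raw_key: bytes) -> str:
    """Base64 the key so keyfile only ever contains [A-Za-z0-9+/=]."""
    return base64.b64encode(raw_key).decode("ascii")


def decode_stored_key(text: str) -> bytes:
    """Inverse of encode_key_for_storage; recovers the exact original bytes."""
    return base64.b64decode(text.encode("ascii"))


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> str:
    """Salted, iterated one-way hash: nothing here can be 'decrypted' back
    into the password, which is the property a password store needs."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/iterations and compare in
    constant time, so comparison cost does not leak how many bytes matched."""
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, int(iters))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print("raw key safe to store as text:", key_is_text_safe(RAW_KEY))
    encoded = encode_key_for_storage(RAW_KEY)
    print("base64 keyfile contents:", encoded)
    print("round trip ok:", decode_stored_key(encoded) == RAW_KEY)
    record = hash_password("correct horse")
    print("stored record:", record)
    print("verify good:", verify_password("correct horse", record))
    print("verify bad: ", verify_password("wrong horse", record))
```

With the key stored base64-encoded, the "run KeyGen again" workaround is no longer needed: every possible key value round-trips through the text file. With the hash record instead of a DES ciphertext, keyfile is no longer needed for password comparison at all.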
blog version 1.2 will be rolling out shortly (later today, or when I get around to it). Included in this release is a whole set of new facilities as well as a redesign of how the API functions. The new release includes user authentication and management and the ability to add threads as children of other threads. This version is geared more towards professional users or users in web communities. Be forewarned, this update will require restructuring your blog interface to accommodate the design differences; I suggest that you only upgrade if the changes appeal to you specifically.