IPWEditor – In-Place WYSIWYG Editor 1.2.1 Released with TinyMCE bug fix and more

Posted by Amir Shevat | Posted on 09-04-2010

Category : AJAX, IPWEditor, New Release, Open source, release, SAAS, Software development, web


IPWEditor provides easy in-place editing for Web pages with a layer of WYSIWYG. It allows you to seamlessly replace text on Web pages with inputs for on-the-spot editing.

Up until now IPWEditor did not support TinyMCE advance settings, due to a minor bug found and resolved by the community.
This release incorporates this bug fix and adds additional documentation around the ‘cancel’ functionality.

DEMO (TinyMCE)



Click me! I am editable and WYSIWYG!!! (TinyMCE)

Code behind:


<script type="text/javascript" src="jquery-1.3.2.js"></script>
<script type="text/javascript" src="jquery.editable.ipweditor-1.2.1.js"></script>
<script type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script>

<div id=”editable” class=”myipwe1″> Click me! I am editable and WYSIWYG!!! </div>

<script type=”text/javascript”>//set all the tinyMCE configuration here and pass it to the editable
$().ready(function() {
var ed = new tinymce.Editor(‘myipwe1′, {
theme : “advanced”

}); $(‘.myipwe1′).editable(
{
type: ‘wysiwyg’,
editor: ed,
onSubmit:function submitData(content){
alert(content.current)
},
submit:’save’,
cancel:’cancel’
});
});

</script>

download and docs

Formal documentation and download can be found here.

Security issue in CakePHP code documentation

5

Posted by Amir Shevat | Posted on 05-03-2010

Category : CakePHP, Open source, PHP, Security, Software development

I have been using CakePHP for a long time now and enjoy every second. It provides a productive, easy to use and well document platform for PHP application. The key advantages for me are – transparent OR mapping, a strong Model View Controller framework, and tons of extra utilities that make your life better.

I have came across a possible security issue in one of cakePHP code examples. This section of code is responsible to authorize or un-authorize clients access to a certain action (MVC flow)

action == 'delete') {
            if ($this->Auth->user('role') == 'admin') {
                return true;
            } else {
                return false;
            }
        }

        return true;
    }
?>

The major security rule this code is breaking is – never ever have ‘return true’ as a default for an authorization method.
Continue Reading

CakeOTP 1.0 – Secure, Expirable, Table-less One Time Password for CakePHP Released

Posted by Amir Shevat | Posted on 11-02-2010

Category : CakePHP, Open source, PHP, release, Security, Software development

CakeOTP is a secure, table-less and expirable implementation of One Time Password for the popular CakePHP development framework.

A one-time password (OTP) is a password that is only valid for a single login session or transaction. It is commonly used in the internet for registration and password reminder process in which OTPs are provides to the user in a form of a link that the user uses to access in order to create/reset his password.

The problem is that most one-time password implementation involve maintaining additional database tables and batch process that handle the persistence and expire date of the one time password. This adds complexity and reduces performance.

CakeOTP is a simple and clean implementation of one time password. It reduces complexity by removing the redundant SQL calls and DB batch maintenance while still keeping the one time password secure and expirable.

Download this release here.

Checkout the Online Demo, project page and getting started page.

Feel free to post comments and questions.

Automatic online advertisement finally developed a twisted sense of humor.

Posted by Amir Shevat | Posted on 26-01-2010

Category : Microsoft, Open source, Opinion

In an interesting blog post about New Zealand education system moving from Microsoft to open source. I have noticed that the advertisement picked for the blog post, indicates that automatic-advertisement finally developed a sense of humor:

I hope I get the same kind of advertisement and then we can have a recursive blog post.

CakeOTP 0.1 beta release – One Time Password Reference Implementation for CakePHP

Posted by Amir Shevat | Posted on 22-01-2010

Category : CakePHP, Open source, PHP, release, Security, Software development


I have started to implement the algorithm for tableless, secure One time password.

Here is a link to the Demo, and here is a link to the beta release.

The only thing you need to do other then the regular cakePHP setup is to create a user table (used by the CakePHP Auth component):

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL auto_increment,
  `username` char(50) default NULL,
  `password` char(40) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=23 ;

Continue Reading

Morphfolia – A New Open Source CMS is Born.

Posted by Amir Shevat | Posted on 18-01-2010

Category : Microsoft, Open source, Software development

My friends, Adrian Kearns, finally released his excellent CMS, Morphfolia, as an open source project.

Morphfolia is two things:

  • A Content Management System (CMS)
  • A web application framework (for the typical Microsoft ASP.NET stack)

Morphfolia provides a suite of tools and capabilities that make website development and management flexible and easy.

This is achieved by a mature architecture and good design principles; the pages, content, page-layout and look & feel are all separated. Continue Reading

Tableless and Secure One-Time Password (OTP)

10

Posted by Amir Shevat | Posted on 15-01-2010

Category : Open source, Security, Software development

Tags: ,

A one-time password (OTP) is a password that is only valid for a single login session or transaction. It is commonly used in the internet for registration and password reminder process in which OTPs are provides to the user in a form of a link that the user uses to access in order to create/reset his password.

Common requirements of One Time passwords are:

  1. Statistically unique – using the same password for all requests is probably not the right security choice.
  2. Hard to guess – using sequential number is again, probably not the right security choice.
  3. Can be authenticated by the server – the server needs to distinguish between real OTP and bogus OTP.
  4. Good for one time – after the process is done the OTP should no longer be valid.
  5. Time limited – the OTP usually expires after a configurable amount of time.
  6. Secure – hackers should have a hard time changing the expiry date, username context and so forth.

Most OTP implementations use a Database table to persist the OTP and to manage their expiry date, a DB table might look like this:

id User Id OTP Expire date
1 Amir Asfsd3434bgddh 1/1/2010
2 Someone Ddfsd3345ssfsss 7/1/2010

While this is a valid solution, it is not the most efficient and elegant one, the truth is that you do not need an additional table enable and manage OTPs.

The answer is simple – the seed for this OTP is already persisted in the Database in the form of the old password (or more exactly the old password hash)

Here is how it is done:
Continue Reading

Open source presentation at the Wellington Architect forum

Posted by Amir Shevat | Posted on 05-11-2009

Category : Architecture, Microsoft, Open source, Software development

Just finished my presentation on Open source and Architecture in the Wellington Software Architect Forum.

We have covered these topics:
1) Definition, Licensing & players
2) Open source based architecture examples
3) Best practices
4) ROI, TCO and other TLA
5) Open source tools for architecture
6) Want to be an open source developer?
7) Future FOSS trends

You can download the presentation here.

IPWEditor – In-Place WYSIWYG Editor 1.2 Released with TinyMCE support

7

Posted by Amir Shevat | Posted on 02-09-2009

Category : AJAX, IPWEditor, Open source, release, SAAS, Software development, web


IPWEditor provides easy in-place editing for Web pages with a layer of WYSIWYG. It allows you to seamlessly replace text on Web pages with inputs for on-the-spot editing.

Up until now IPWEditor has integrated only with FCKeditor. The major feature in this release is integration with TinyMCE, a popular WYSIWYG editor.

Developers can now choose to run IPWEditor with either FCKeditor or with TinyMCE editor using the same IPWEditor code.

Continue Reading

IPWEditor – In-Place WYSIWYG Editor 1.1 Released

Posted by Amir Shevat | Posted on 23-07-2009

Category : AJAX, Open source, Software development, web


IPWEditor provides easy in-place editing for Web pages with a layer of WYSIWYG. It allows you to seamlessly replace text on Web pages with inputs for on-the-spot editing.

As reported by some members of the community, due to jQuery issue with IE 7, IPWEditor 1.0 had some issues around IE usability.

Thanks to these inputs and some refactoring around the jQuery limitation, these issues were resolved in this IPWEditor 1.1 release. Continue Reading

Previous
Next