Category: Software development

Tableless and Secure One-Time Password (OTP)

A one-time password (OTP) is a password that is valid for only a single login session or transaction. It is commonly used on the internet in registration and password-reminder processes, where the OTP is provided to the user in the form of a link that the user follows in order to create or reset his password.

Common requirements of One Time passwords are:

  1. Statistically unique – using the same password for all requests is probably not the right security choice.
  2. Hard to ‘guess’ – using a sequential number is, again, probably not the right security choice.
  3. Can be authenticated by the server – the server needs to distinguish between real OTP and bogus OTP.
  4. Good for one time – after the process is done the OTP should no longer be valid.
  5. Time limited – the OTP usually expires after a configurable amount of time.
  6. Secure – hackers should have a hard time changing the expiry date, username context and so forth.

Most OTP implementations use a database table to persist the OTPs and to manage their expiry dates. Such a table might look like this:

| id | User Id | OTP | Expire date |
|----|---------|-----|-------------|
| 1 | Amir | Asfsd3434bgddh | 1/1/2010 |
| 2 | Someone | Ddfsd3345ssfsss | 7/1/2010 |

While this is a valid solution, it is not the most efficient or elegant one. The truth is that you do not need an additional table to enable and manage OTPs.

The answer is simple – the seed for this OTP is already persisted in the database in the form of the old password (or, more exactly, the old password hash).

Here is how it is done:

Open source presentation at the Wellington Architect forum

Just finished my presentation on Open source and Architecture in the Wellington Software Architect Forum.

We have covered these topics:
1) Definition, Licensing & players
2) Open source based architecture examples
3) Best practices
4) ROI, TCO and other TLA
5) Open source tools for architecture
6) Want to be an open source developer?
7) Future FOSS trends

You can download the presentation here.

IPWEditor – In-Place WYSIWYG Editor 1.2 Released with TinyMCE support


IPWEditor provides easy in-place editing for Web pages with a layer of WYSIWYG. It allows you to seamlessly replace text on Web pages with inputs for on-the-spot editing.

Up until now IPWEditor has integrated only with FCKeditor. The major feature in this release is integration with TinyMCE, a popular WYSIWYG editor.

Developers can now choose to run IPWEditor with either FCKeditor or TinyMCE, using the same IPWEditor code.

Drupal crashes when adding module in Modules admin screen

Drupal is a popular CMS that enables 3rd party development of extensions such as themes and modules. In order to get a good value site out of Drupal you need to install several modules and themes that provide functionality such as a cool look and feel, SEO improvements, support for content types such as images and a lot more.

The problem:

After adding several modules to Drupal, you try to open the “modules” page in the administer menu and Drupal crashes with this error:
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 1476899 bytes) in . . .

How to SELECT a Random Record in SQL

Sometimes we need to retrieve a random entry from the database. An example of that could be trying to display “random posts” or “a random image”.

Some developers pull some or all of the records and then perform the randomization in the application tier (AKA in code).

In most cases, letting the database return random entries could prove to be a better option performance-wise.

Here is how it is done:

IPWEditor – In-Place WYSIWYG Editor 1.1 Released


IPWEditor provides easy in-place editing for Web pages with a layer of WYSIWYG. It allows you to seamlessly replace text on Web pages with inputs for on-the-spot editing.

As reported by some members of the community, due to a jQuery issue with IE 7, IPWEditor 1.0 had some issues around IE usability.

Thanks to these inputs and some refactoring around the jQuery limitation, these issues were resolved in this IPWEditor 1.1 release.

AutoSnippet – automatically generate HTML and javascript code snippets


Code snippets posted online are a great source of knowledge and a simple way to share experience and to reuse code. As developers we always look to see if there is a ‘code example’ which we can modify to our needs. As bloggers we find code snippets very useful to get our information out to the readers.

The problem is that creating these code snippets is a complex and cumbersome task. You need to replace all the < with &lt;, wrap the code in <pre> and <code> tags and then use a Syntax Highlighter to make the code look nice. Every time you change or fix the code you need to repeat this process.

AutoSnippet solves this problem by automatically generating the code snippet from the source code (HTML, CSS and Javascript). No more cumbersome repetitive tasks and no more inconsistencies between example and real code.

In this article I will show how to generate automatic snippets for your blog and source/code websites.

IPWEditor – In-Place WYSIWYG Editor with FCKeditor and JQuery Editable


An In-Place editor, such as the jQuery Editable plug-in, lets you seamlessly replace texts on web pages with inputs, for on-the-spot editing (see example 1). WYSIWYG editors, such as FCKeditor, provide an easy, Word-like editor on the web (see example 2). Basically, the two are advanced User-Interface JavaScript tools that help users edit content on the web in an easy, intuitive and productive way.

Wouldn’t it be great if we combine the two to create a really cool, web 2.0 user experience for editing content on the web? Unfortunately, FCKeditor and Editable are not fully compatible and some tweaking is required to make them interoperable.

In this article I will demonstrate how, with little modification, FCKeditor can be integrated into Editable to create an In-Place WYSIWYG editor (see example 3).

Software As A Service Takes The “Free Beer” Out of Open Source


Free software means that computer users have the freedom to cooperate with whom they choose, and to control the software they use. To summarize this into a remark distinguishing libre (freedom) software from gratis (zero price) software, Richard Stallman said: “Free software is a matter of liberty, not price. To understand the concept, you should think of ‘free’ as in ‘free speech’, not as in ‘free beer’.”1

The reality is quite different from this philosophy. Up until now open source software was, for most people, free beer rather than free speech. Well, the beer party is over, and corporate companies have a new business model strategy called SAAS.