João P. Bragança
All too often, security is treated as an afterthought in our models. I’m as guilty of this as anyone. :) Now that HTTP is becoming the most popular protocol inside the enterprise, sending bad data across the wire becomes much easier. A hidden input field is not all that hidden.
Let’s take everyone’s second favorite fake business problem: Enrolling Students in Classes. Let’s take it further and say we want to develop this as a SaaS product.
João P. Bragança
I’ve been taking a bit of a coding vacation. Before I jump back into things, I decided to do a little housekeeping and clean the cobwebs from my interwebs. Specifically, reducing the level of annoying coming out of Facebook.
Look at this nonsense right here:
Wow, what a great user experience! Having to un-check 60-odd check-boxes individually is just great. I’m sure the team of 15 out of Facebook’s 1,000 engineers that built this page thought this was really clever.
João P. Bragança
The fastest information can ever travel is 3*10^8 m/s, in a vacuum. It’s about 2/3 of that in a copper wire, in the ideal case.
Imagine two observers in the Milky Way galaxy, one at Terminus and the other at Star’s End. They will observe events from all over the universe at different times, so they will not agree on the order of events. What they can agree on is that eventually they will see all of them.
João P. Bragança
Recently, a client wanted to know why a certain product they had installed was performing so horribly from their overseas office when it worked just fine over here. I had my suspicions, but I wanted to confirm them.
So, I had him install Fiddler. If you haven’t heard of this tool, get it now. It will save you a ton of time when debugging any HTTP issue.
Anyway, my suspicions were confirmed: